nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Intel AMT bug bit Siemens industrial PCs

Patches issued for 38 products, plus bonus Web portal bug-fix

By Richard Chirgwin, 3 Jul 2017

You don't need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week.

The bug in Intel's Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010.

In Siemens's case, 38 product series use vulnerable Intel chipsets (the company lists them in this PDF). They include SIMATIC industrial PCs, SINUMERIK control panels and SIMOTION P320 PCs.

The company has shipped patches for the SIMATIC PCs, but is still working on the control panel products.

Patches are listed here.

The other fix Siemens issued last week was for its ViewPort for Web Office Portal, which was vulnerable to crafted packets over HTTP or HTTPS, which could be exploited to upload and execute arbitrary code with system-level privilege. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing