Please ensure Javascript is enabled for purposes of website accessibility

Tenable finds security flaw in industrial control software

Tenable's current headquarters is on Columbia Gateway Drive. (Tenable photo)

Tenable’s current headquarters is on Columbia Gateway Drive. (Tenable photo)

A Columbia cybersecurity company said it found a vulnerability in design and automation software that could be used as a stepping stone for a tailored attack.

Tenable Inc. said Tuesday that the flaw in the Siemens STEP 7 TIA Portal would allow an unauthenticated attacker to perform any administrative actions on the system, which would let them add add malicious code to connected industrial control systems, or harvest data for a future attack. Such an attack could result in damage or destruction of equipment, as well as espionage and a disruption of operations, Tenable said in a news release.

Siemens has released patches to address the vulnerability, Tenable said.


To purchase a reprint of this article, contact [email protected].