IT Security Guru

Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords

by The Gurus
January 31, 2017
in Editor's News

Positive Technologies has discovered a critical vulnerability in Schneider Electric StruxureWare Data Center Expert. The product from Schneider Electric, designed to monitor physical infrastructure at data centers, is used by banks, media corporations, circuit board manufacturers, insurers, medical centers, and other companies to manage the functioning of everything from cooling to backup generators at data centers.
The vulnerability is rated 7.6 on the CVSS v3 scale, a high score that reflects the ability of an outsider to obtain remote access to sensitive information found in critical data center support systems that are connected to StruxureWare Data Center Expert. An attacker can recover passwords from RAM on the client side of the platform, where they are held in unencrypted form.
“A hacker could use this flaw to penetrate the internal network at a data center, obtain confidential information, or even cause physical harm,” said Ilya Karpov, Head of the ICS Research and Audit Unit at Positive Technologies. “Data Center Infrastructure Management (DCIM) platforms have the ‘keys to the kingdom’ at a data center, since they are connected to all installed systems. A vulnerability such as this threatens the functioning of critical systems on which data centers depend: video surveillance, fire suppression, backup generators and generator control units, switches, pumps, UPS systems, and precision cooling.” 
Schneider Electric urges updating all installations of StruxureWare Data Center Expert to version 7.4[1].
In 2013 and 2014 Positive Technologies researchers also uncovered vulnerabilities in Schneider Electric Wonderware Information Server. At the Positive Hack Days IV international forum, participants in the Critical Infrastructure Attack competition located a number of vulnerabilities in Schneider Electric systems. In addition, in 2015 Ilya Karpov identified an issue involving unencrypted storage of passwords in InTouch Machine Edition 2014.
[1] Update available at https://dcimsupport.apc.com/display/public/download/DCE+device+firmware+catalog
