Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels
Security News, February 2021
Siemens has released patches for some of its SIMATIC human-machine interface panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.
SIMATIC HMI panels are designed for operator control and the monitoring of machines and plants.
Affected devices that have Telnet enabled do not require any authentication, allowing a remote attacker to gain full access to a device, Siemens said.
The German industrial giant said the vulnerability impacts SIMATIC HMI Comfort Panels, including SIPLUS products designed for extreme conditions, and SIMATIC HMI KTP Mobile Panels.
According to the researcher, an attacker could exploit the vulnerability to use the HMI as a foothold in the targeted network. The devices run Windows CE, and he says there is no endpoint protection available.
Yen said the vulnerability can also be leveraged to brick a device and temporarily prevent the operator from interacting with factory processes.