Siemens patches critical Intel AMT flaws
Two critical vulnerabilities have been patched by Siemens. The first one is related to Intel AMT (Active Management Technology) which is a function of certain Intel processors. The vulnerability allows an attacker to gain system privileges. The second vulnerability allows an attacker to execute and upload arbitrary code. Both vulnerabilities have been issued a CVSS v3 rating of 9.8 demonstrating the criticality of the nature.
Intel Core i5, i7, and XEON are all chipsets used in Siemens products which are commonly found in the chemical, water/wastewater, and energy industries. If these chipsets have AMT function enabled, remote code execution would be possible. On the other hand, the second vulnerability affects the company’s web portal prior to revision number 1453. specially crafted network packets can be sent to TCP port 80 and 443 potentially allowing the upload and execution of arbitrary code that would have permission of the operating system user.
The company is urging people to minimize network exposure, access systems remotely through aa VPN, and isolate networks behind firewalls.