The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory [PDF file] warning of two vulnerabilities in the Siemens FactoryLink industrial control system software.
"Buffer overflow and data corruption vulnerabilities, discovered by researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center, affect ActiveX components in Siemens Tecnomatix FactoryLink versions V220.127.116.11, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1)," Infosecurity reports.
"Siemens has released a patch to its customers to address these vulnerabilities," the article states.
Go to "Flaws in Siemens FactoryLink could be exploited remotely" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.