Siemens has disclosed a severe security vulnerability (CVE-2024-56336) in specific SINAMICS S200 drive systems that allows attackers to exploit an unlocked bootloader. The flaw, which carries a CVSS score of 9.8, compromises device security by enabling code injection and installation of untrusted firmware. Because no firmware update is available yet, Siemens advises users to isolate affected systems, implement security measures, and monitor for unauthorized access.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advance in software supply chain security.