1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SAP slaps patch on leaky factory software

Discussion in 'CSO' started by RSS, Feb 10, 2016.

  1. RSS

    RSS New Member Member

    SAP's February round of critical software updates includes one for SAP Manufacturing Integration and Intelligence (xMII) that may be of interest to hackers and spies.

    The software is widely used in manufacturing industry, where it connects factory-floor systems to business applications for performance monitoring -- but a flaw in it meant that restrictions on who could see what were not enforced.

    The patch for xMII fixes a directory traversal vulnerability, SAP reported Tuesday in security note 2230978.

    The vulnerability could have allowed attackers to access arbitrary files and directories on an SAP fileserver, including application source code, configuration and system files and other critical technical and business-related information, security researchers at ERPScan said Wednesday.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page