SAP has closed a key security issue in SAP Manufacturing Integration and Intelligence (xMII), in its monthly critical patch update for February 2016.
According to security researchers at ERPscan, the issue in SAP xMII was a directory traversal vulnerability.
Providing a connection between shop-floor systems and enterprise business applications, SAP xMII can be used as a starting point of a multi-stage attack by malicious parties aiming to get control of plant devices and manufacturing equipment. It therefore plays an important role in the cybersecurity of manufacturing, oil and gas, energy and utility companies.
The directory traversal vulnerability was an entry point for hackers to penetrate plant floor and operational technology networks, where ICS and SCADA systems are located.
ERPscan recommends applying the latest SAP patches as soon as possible to protect businesses from these risks.