ICS Spectre, Meltdown Update, Again

Tuesday, February 20, 2018 @ 02:02 PM gHale

There has been an update on ICS vendors offering updates for critical infrastructure asset owners/operators affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

RELATED STORIES
ABB Fixes netCADOPS Web Application Hole
ABB Creates Fix for TropOS KRACK Attacks
Nortek Linear eMerge E3 Series
GE Mitigates Relay Vulnerabilities

The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations for users:
ABB
Abbott
Becton, Dickinson and Company (BD)
Beckman Coulter
Emerson (account required for login)
General Electric (account required for login, reference ID 000020832)
Honeywell
Johnson and Johnson
Medtronic
OSIsoft
Philips
Rockwell Automation (account required for login)
Schneider Electric
Siemens
Smiths Medical
Stryker

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. 



Leave a Reply

You must be logged in to post a comment.