ICS Spectre, Meltdown Update Part IV

Thursday, March 1, 2018 @ 04:03 PM gHale

There has been another in a series of ongoing updates on ICS vendors offering information for critical infrastructure asset owners/operators affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

RELATED STORIES
Delta Electronics Clears DOPSoft Hole
Moxa Fixes OnCell G3100-HSPA Series
Siemens Fixing SIMATIC, SIMOTION, SINUMERIK
Philips Fixing ISP Vulnerabilities

The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations for users:
ABB
Abbott
Becton, Dickinson and Company (BD)
Beckman Coulter
Dräger
Emerson (account required for login)
General Electric (account required for login, reference ID 000020832)
Honeywell
Johnson and Johnson
Medtronic
OSIsoft
Pepperl+Fuchs
Philips
Rockwell Automation (account required for login)
Schneider Electric
Siemens
Siemens
Smiths Medical
Stryker
Yokogawa Electric Corporation

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.



Leave a Reply

You must be logged in to post a comment.