ICS Vendors Affected by Meltdown, Spectre

Friday, January 12, 2018 @ 01:01 PM gHale

Critical infrastructure asset owners/operators are learning about which vendors ended up affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

RELATED STORIES
WECON Clears HMI Editor Issues
New Firmware for Moxa’s MXview
Phoenix Contact Clears FL SWITCH Holes
Rockwell Clears MicroLogix Controller Hole

The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations for users:
ABB
Becton, Dickinson and Company (BD)
Rockwell Automation (account required for login) 
Siemens

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. 



Leave a Reply

You must be logged in to post a comment.