News

This is an archive for News.

Tuesday, February 20, 2018 @ 02:02 PM gHale

There has been an update on ICS vendors offering updates for critical infrastructure asset owners/operators affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT. Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.
The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations

Tuesday, February 20, 2018 @ 01:02 PM gHale

ABB created updates to mitigate an information exposure vulnerability in its netCADOPS Web Application, according to a report with ICS-CERT. Successful exploitation of this remotely exploitable vulnerability, discovered by İsmail Erkek, could allow exposure of critical information about the database.
The following versions of netCADOPS Web Application, a web interface, suffer from the issue:
• netCADOPS Web Application Version 3.4 and prior
• netCADOPS Web Application Version 7.1

Monday, February 19, 2018 @ 05:02 PM gHale

Network monitoring provider Claroty released a security posture assessment product and enhancements to its Continuous Threat Detection product. This latest release, which broke last week at the ARC Industry Forum 2018 in Orlando, FL, incorporates real-time vulnerability monitoring and network hygiene insights with attack vector analysis, enabling industrial asset owners to fully protect revenue-generating industrial systems from rapidly growing threats.
“We know there are no silver bullets

Friday, February 16, 2018 @ 04:02 PM gHale

ABB has a fix for the key reinstallation attacks (KRACK) that potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.
ABB released an advisory (1KHW02890) on the vulnerability, discovered by Mathy Vanhoef of the Katholieke Universiteit

Friday, February 16, 2018 @ 03:02 PM gHale

Nortek has an upgrade plan to mitigate a command injection vulnerability in its Linear eMerge E3 Series, according to a report with ICS-CERT. An access control interface, Linear eMerge E3 series Versions V0.32-07e and prior suffer from the remotely exploitable vulnerability, discovered by Evgeny Ermakov and Sergey Gordeychik.
Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control

Friday, February 16, 2018 @ 03:02 PM gHale

GE created new firmware to mitigate stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in its D60 Line Distance Relay, according to a report with ICS-CERT. D60 devices running firmware Version 7.11 and prior suffer from the remotely exploitable vulnerabilities, discovered by Kirill Nesterov of Kaspersky Labs.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on

Friday, February 16, 2018 @ 03:02 PM gHale

Schneider Electric has an update to mitigate improper certificate validation and plaintext storage of a password vulnerabilities in its IGSS Mobile, according to a report with ICS-CERT. Successful exploitation of these locally exploitable vulnerabilities, discovered by Alexander Bolshev (IOActive) and Ivan Yushkevich (Embedi), could allow an attacker to execute a man-in-the-middle attack. In addition, passwords can be accessed by unauthorized users.
The vulnerabilities affect the following IGSS Mobile products:

Friday, February 16, 2018 @ 03:02 PM gHale

Schneider Electric created new software to mitigate an unrestricted upload of file with dangerous type vulnerability in its StruxureOn Gateway, according to a report with ICS-CERT. The vulnerability affects all versions of StruxureOn Gateway, a software management platform, prior to 1.2.
Successful exploitation of this remotely exploitable vulnerability discovered by Schneider Electric could allow a remote attacker to upload a malicious file to any directory on the device, which could lead

Friday, February 16, 2018 @ 02:02 PM gHale

By Gregory Hale
An initiative started two years ago focused on open process automation is gaining more steam and moving forward to the point where participants are collaborating on and developing field trials with operating companies. “We want to innovate our operations,” said Ken Warren, vice president engineering at ExxonMobil Research and Engineering during his keynote presentation at the ARC Advisory Group Industry Forum 2018 in Orlando, FL, this week. “You never know where innovation is going to take you.”

Friday, February 16, 2018 @ 02:02 PM gHale

By Gregory Hale
In the wake of the targeted malware attack discovered before it could cause severe damage against a Schneider Electric Triconex safety system in the Middle East, there has been a movement to get a better understanding and a joint effort to create a more cyber secure industry. Along those lines, Siemens and eight industry partners Friday signed a joint charter for cybersecurity at the Munich Security Conference. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization.