News

This is a archive for News.

Thursday, July 19, 2018 @ 02:07 PM gHale

An entire village of Caledonia, IL, was forced to evacuate for a few hours Tuesday afternoon following a gas leak, officials said. The incident ended up contained around 4 p.m. and was no longer considered a threat to the public and all roads were reopened, according to the Boone County Sheriff’s Department. The gas leak occurred at 1:40 p.m. RELATED STORIES
PA Ammonia Leak Forces Evac
Fire Damages WV Aluminum Plant
Crews Fight Metal Shredder Fire
Corrosive Chem Spill at DE Poultry Plant The gas leak occurred near a grainery and crews

Thursday, July 19, 2018 @ 02:07 PM gHale

Moxa has new firmware to mitigate a resource exhaustion vulnerability in its NPort 5210, 5230, 5232 products, according to a report with NCCIC. Successful exploitation of this vulnerability, discovered by Mikael Vingaard, could allow a remote attacker to send TCP SYN packages, causing a resource exhaustion condition that would cause the device to become unavailable. RELATED STORIES
Echelon Fixes Multiple Vulnerabilities
AVEVA InTouch Updates Available
AVEVA Hotfix for Stack-Based Buffer Overflow
ABB Looking to Fix Panel Builder 800 A serial network interface, NPort 5210, 5230, and 5232 Versions 2.9 build 17030709 and

Thursday, July 19, 2018 @ 02:07 PM gHale

Echelon has updated software to mitigate multiple vulnerabilities in its SmartServer 1, SmartServer 2, i.LON 100, and i.LON 600 products, according to a report with NCCIC. The vulnerabilities include an information exposure, authentication bypass using an alternate path or channel, unprotected storage of credentials, and a cleartext transmission of sensitive information. RELATED STORIES
AVEVA InTouch Updates Available
AVEVA Hotfix for Stack-Based Buffer Overflow
ABB Looking to Fix Panel Builder 800
WAGO Fixes e!DISPLAY Holes Successful exploitation of these remotely exploitable vulnerabilities, discovered by Echelon who worked with Daniel Crowley and IBM’s X-Force

Thursday, July 19, 2018 @ 02:07 PM gHale

AVEVA Software, LLC. (AVEVA) has updated software to mitigate a stack-based buffer overflow in its InTouch, according to NCCIC. Successful exploitation of this remotely exploitable vulnerability, discovered by George Lashenko of CyberX, could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locales do not use a dot floating point separator. RELATED STORIES
AVEVA Hotfix for Stack-Based Buffer Overflow
ABB Looking to Fix Panel Builder 800
More

Thursday, July 19, 2018 @ 01:07 PM gHale

AVEVA Software, LLC (AVEVA) has a hotfix to handle a stack-based buffer overflow in its InduSoft Web Studio and InTouch Machine Edition, according to a report with NCCIC. The listed products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action such as read and write, which may allow remote code execution. Tenable Research reported this vulnerability to AVEVA. RELATED STORIES
ABB Looking to Fix Panel Builder 800
WAGO Fixes e!DISPLAY Holes
PEPPERL+FUCHS Releases Vulnerability Guidelines

Thursday, July 19, 2018 @ 01:07 PM gHale

North Carolina-based LabCorp Diagnostics, one of the largest clinical laboratories in the U.S., was forced to shut down its network Sunday after hackers were able to get in. Over the weekend of July 14, hackers got into LabCorp’s network. Company officials immediately took certain systems offline as part of its breach response policy to contain the hack. As a result, test processing and customer access to test results was temporarily impacted. RELATED STORIES
Summit: How to Keep Security Balanced
Digital Disruption: The Race is On
HUG: Cybersecurity Plan of Action
Age of

Wednesday, July 18, 2018 @ 02:07 PM gHale

Process unit startups and shutdowns are significantly more hazardous than normal oil refinery or chemical facility operations. A startup is a planned series of steps to take a process from an idle, at rest, state to normal operation. A shutdown is the reverse sequence. The Center for Chemical Process Safety (CCPS), an industry-sponsored membership organization that identifies and addresses process safety needs within the chemical, pharmaceutical, and petroleum industries, determined that a majority of process safety incidents occur during a plant startup, even though it represents only a small portion of the operating life of a plant. Process safety incidents

Wednesday, July 18, 2018 @ 01:07 PM gHale

EDITOR’S NOTE: While digital technologies will support cost efficiency in a growing gas industry, greater connectivity can raise cyber risk. Oil and gas quality assurance and risk management company, DNV GL, released a recommendation on how to manage cyber threats to the operational technology of gas networks. The spread of digital technologies in the oil and gas industry is generating new opportunities to improve performance, profitability and sustainability, but it also brings new safety and security challenges in operations, including gas networks. Gas transmission system operators are looking at artificial intelligence, the Industrial Internet of Things (IIoT), machine learning and

Wednesday, July 18, 2018 @ 11:07 AM gHale

A Wicklow, Ireland, resident was finally extradited to the United States to face drug, computer intrusion and money laundering charges, officials said. Charges against Gary Davis, 30, stem from his involvement for the now defunct “dark web” marketplace Silk Road, law enforcement officials said. RELATED STORIES
Ex-Apple Engineer Busted for Stealing Self-Driving Car Plans
2 Traders Guilty in Newswire Hacking Case
2 Teens Busted for Hacking
8 Busted in Email Fraud Schemes He was extradited to the United States to face charges in New York four years after his arrest, prosecutors said

Tuesday, July 17, 2018 @ 04:07 PM gHale

ABB is currently investigating an improper input validation vulnerability and recommends users follow certain guidelines until a corrected version is available for its Panel Builder 800, according to a report with NCCIC. An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file. RELATED STORIES
WAGO Fixes e!DISPLAY Holes
PEPPERL+FUCHS Releases Vulnerability Guidelines
Eaton Fixes