News

This is a archive for News.

Friday, November 17, 2017 @ 03:11 PM gHale

TransCanada, the company that owns and operates the Keystone Pipeline, said 210,000 gallons, or 5,000 barrels, of oil spilled near Amherst, SD. The cause of the leak is under investigation, the company said. RELATED STORIES
Phillips 66 Cat Cracker Incident
Study to Research LA Oil Spill Effects
Settlement in Pipeline Oil Spill
Pressure Test Led to Valdez Oil Spill TransCanada crews detected a drop in pressure at 6 a.m. CT Thursday morning and shut down the pipeline, which runs from Hardesty, Alberta, to Cushing, OK, and Wood River/Patoka, IL. Amherst is 200

Thursday, November 16, 2017 @ 02:11 PM gHale

Siemens has a plan to mitigate missing authentication for critical function, cross-site scripting and code injection vulnerabilities for its SICAM product, according to a report with ICS-CERT. SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00: All versions suffer from the remotely exploitable vulnerabilities, discovered by the SEC Consult Vulnerability Lab. RELATED STORIES
Moxa Releases New NPort Firmware
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems Successful exploitation of these vulnerabilities could allow an unauthenticated remote

Thursday, November 16, 2017 @ 02:11 PM gHale

Moxa created new firmware to mitigate injection, information exposure and resource exhaustion vulnerabilities in its NPort 5110, 5130, 5150, according to a report with ICS-CERT. Successfully leveraging these remotely exploitable vulnerabilities, discovered by Florian Adamsky who also tested the new firmware, could allow for remote code execution on the device. RELATED STORIES
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems
AutomationDirect Mitigates Software Glitch The following versions of NPort, a serial network interface, are affected:
• NPort 5110 Version 2.2

Wednesday, November 15, 2017 @ 04:11 PM gHale

By Gregory Hale
With all the talk of the connected, more digital workforce from Rockwell during its Automation Perspectives run up conference to Automation Fair 2017 in Houston, TX, one underlying message is security needs to continue to be a strong part of any manufacturer today and in the future. “We are just getting started,” said Blake Moret, president and chief executive at Rockwell Automation during his keynote address. “The power of IIoT (Industrial Internet of Things) allows (users) to connect, the develop advancements to keep people safe in the workplace, to monitor data on a rig miles away.

Wednesday, November 15, 2017 @ 03:11 PM gHale

By Gregory Hale
Any hallmark to a safety program is to keep workers, the plant and environment safe from whatever product the manufacturer is producing. But it doesn’t just have to be a cost center as it can also enable the business to be more productive. RELATED STORIES
MKO: Human Factors in Safety
MKO: Safety, ‘Never be Complacent’
Cyber PHA Secures Safety
Emerson: ‘Reliable Plant is a Safe Plant’ That is the thought process behind Honda of Canada Manufacturing, which was one of the winners in Rockwell Automation’s Manufacturing Safety Excellence

Tuesday, November 14, 2017 @ 08:11 PM gHale

Siemens has a mitigation plan to remedy issues in its SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities, discovered by Mathy Vanhoef of the Katholieke Universiteit Leuven in Belgium, could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication. RELATED STORIES
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems
AutomationDirect Mitigates Software Glitch
Siemens Fixes SIMATIC PCS 7 Issue Siemens reports the key reinstallation

Tuesday, November 14, 2017 @ 08:11 PM gHale

ABB is working on a fix for the key reinstallation attacks (KRACK) that potentially affects all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. RELATED STORIES
Philips Clears Hole in Medical Systems
AutomationDirect Mitigates Software Glitch
Siemens Fixes SIMATIC PCS 7 Issue
No Fixes for Outdated ABB FOX515T ABB released an advisory (1KHW02890) on the vulnerability, discovered by

Tuesday, November 14, 2017 @ 05:11 PM gHale

Philips created updates to mitigate a vulnerability in the Philips’ IntelliSpace Cardiovascular and Xcelera cardiac image and information management systems, according to a report with ICS-CERT. Successful exploitation of this remotely exploitable vulnerability could allow an attacker to gain unauthorized access to sensitive information stored on the system, modify device configuration, and gain access to connected devices. Philips discovered and reported the vulnerability. RELATED STORIES
AutomationDirect Mitigates Software Glitch
Siemens Fixes SIMATIC PCS 7 Issue
No Fixes for Outdated ABB FOX515T
New Version Clears Trihedral Holes The vulnerability affects the following versions

Tuesday, November 14, 2017 @ 02:11 PM gHale

Dunmore, PA-based McGregor Industries, Inc., operates a small business that fabricates, delivers, and installs light structural and other metal products for buildings, artistic projects, and anything requiring the cutting, bending, welding, and finishing of metal. During an inspection by the Wilkes-Barre Pennsylvania Occupational Safety and Health Administration (OSHA) Area Office, McGregor officials became interested in a program to boost its safety presence. RELATED STORIES
SHARP: Unicover in Mint Condition
SHARP Turn Means Safety for WBI Energy
Arnold Center Stays SHARP
Elevating SHARP to Star Site Status OSHA’s On-Site Consultation Program offers free

Tuesday, November 14, 2017 @ 02:11 PM gHale

Israeli startup Medigate launched today with a goal to secure the use of the millions of connected medical devices on healthcare provider networks. Backing for the technology platform, which lets CISOs and security teams defend networked medical devices from cyberattacks, comes from YL Ventures, with additional funding from Blumberg Capital. Medigate received $5.35 million in seed funding. RELATED STORIES
Kaspersky Lab’s Threat Hunting Services
Securing Industrial Control, IoT Devices
Rockwell Automation Invests in AI
IT-OT Network Monitoring Pact Healthcare providers depend on nearly 100 million connected medical devices to deliver cost-effective and lifesaving treatment to