Researchers discovered that some gateways made by Swiss industrial tech company ABB are affected by potentially serious vulnerabilities, but firmware updates will not be made available by the vendor as the impacted products have reached end of life.
Category Archives: SCADA / ICS
Siemens Patches Several Critical Flaws in SINUMERIK Controllers
Siemens informed customers this week that its SINUMERIK controllers are affected by denial-of-service (DoS), privilege escalation and code execution vulnerabilities, including several flaws that have been classified as “critical.”
Shamoon 3 Targets Energy Sector in Middle East
Italian oil and gas services company Saipem has confirmed that its systems were hit recently by a new variant of the notorious Shamoon malware. Shamoon may have also been used in attacks aimed at other energy sector organizations operating in the Middle East.
Italian Oil Services Company Saipem Hit by Cyberattack
Italian oil and gas services company Saipem reported on Monday that some of its servers were hit by a cyberattack.
Vulnerability Exposes Rockwell Controllers to DoS Attacks
Some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules are affected by a potentially serious vulnerability that can be exploited for denial-of-service (DoS) attacks.
Siemens Wants to Release Security Advisories on Patch Tuesday
Siemens wants to release security advisories on the second Tuesday of every month, similar to Microsoft, Adobe and SAP.
Symantec Unveils USB Scanning Station for ICS, IoT Environments
Symantec on Wednesday unveiled a new product designed to protect critical infrastructure organizations, including industrial and Internet of Things (IoT) environments, against USB-borne threats.
M2M Protocols Expose Industrial Systems to Attacks
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan.
Siemens Warns of Linux, GNU Flaws in Controller Platform
Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities.
Gov Committee Raises Concerns Over UK Critical Infrastructure Security
The purpose of a government committee is to be critical. If it did nothing but agree with its subject matter status quo, there would be little point to it. That said, in the latest report published November 12, 2018 by the UK parliament's Joint Committee on the National Security Strategy, this committee is somewhat critical of the UK's National Security Strategy (NCS).
Trend Micro, Moxa Form New IIoT Security Company
Cybersecurity firm Trend Micro and industrial networking solutions provider Moxa on Thursday announced plans to form a joint venture corporation focusing on securing industrial internet of things (IIoT) environments.
CVSS Scores Often Misleading for ICS Vulnerabilities: Experts
While the Common Vulnerability Scoring System (CVSS) can be useful for rating vulnerabilities, the scores assigned to flaws affecting industrial control systems (ICS) may be misleading, which can have negative consequences for organizations, particularly if they rely solely on CVSS for prioritizing patches.
Congress Passes Bill Creating Cybersecurity Agency at DHS
The U.S. House of Representatives this week passed a bill that creates a new cybersecurity agency at the Department of Homeland Security (DHS).
Industrial Cybersecurity Firm Dragos Raises $37 Million
Industrial cybersecurity firm Dragos on Wednesday announced that it has raised $37 million in a Series B funding round, which brings the total raised by the company to date to over $48 million.
US Panel Warns Against Government Purchase of Chinese Tech
A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.
Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities
Siemens on Tuesday released 7 new advisories to inform customers of potentially serious vulnerabilities affecting various SIMATIC and SCALANCE products. Patches and/or mitigations are available for all impacted products.