More critical vulnerabilities identified in OPC protocol implementations
Solutions that use the OPC family of protocols are affected by multiple vulnerabilities that could lead to equipment failure, remote code execution or leaks of critical data
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways
The vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
Getting back on Treck: more vulnerabilities in the infamous TCP/IP Stack
Vulnerabilities have been identified in the IPv6 component in the Treck TCP/IP stack implementation. It is recommended that vendors of IoT devices using that implementation issue security advisories.
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM
Siemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
Cryptographic deadly sins and the security of Modicon M100/M200/M221
Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic
From buffer overflow to switchboard setup errors: vulnerabilities in building operation software by Schneider Electric
Vulnerabilities in Schneider Electric’s low-voltage distribution system configuration software could enable attackers to upload arbitrary files defining electrical system parameters
Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoT
Schneider Electric has published an advisory on a critical vulnerability in the web server used in TM3 I/O expansion modules
Critical vulnerability in Schneider Electric HMI configuration software
The vulnerability could cause a Windows local user privilege escalation when using EcoStruxure™ Operator Terminal Expert and Pro-face BLUE software and WinGP runtime environment by Schneider Electric.
A classic that needs updating: fresh vulnerabilities in the software of Siemens SCALANCE X switches
DoS vulnerabilities have been disclosed in the integrated web server of Siemens SCALANCE X-200 / X-200IRT / X-300 switches. Measures proposed by the vendor do not prevent all possible attacks.
First things first: Kaspersky ICS CERT becomes new member of the global Forum of Incident Response and Security Teams (FIRST)
After rigorous assessment, Kaspersky’s Industrial Systems Emergency Response Team (ICS CERT) has officially joined FIRST – the global Forum of Incident Response and Security Teams.