News

More critical vulnerabilities identified in OPC protocol implementations

04 March 2021

Solutions that use the OPC family of protocols are affected by multiple vulnerabilities that could lead to equipment failure, remote code execution or leaks of critical data.

Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways

09 February 2021

The vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments.

Getting back on Treck: more vulnerabilities in the infamous TCP/IP Stack

05 February 2021

Vulnerabilities have been identified in the IPv6 component in the Treck TCP/IP stack implementation. It is recommended that vendors of IoT devices using that implementation issue security advisories.

Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM

02 February 2021

Siemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks.

Cryptographic deadly sins and the security of Modicon M100/M200/M221

28 January 2021

Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic.

From buffer overflow to switchboard setup errors: vulnerabilities in building operation software by Schneider Electric

27 January 2021

Vulnerabilities in Schneider Electric’s low-voltage distribution system configuration software could enable attackers to upload arbitrary files defining electrical system parameters.

Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoT

26 January 2021

Schneider Electric has published an advisory on a critical vulnerability in the web server used in TM3 I/O expansion modules.

Critical vulnerability in Schneider Electric HMI configuration software

26 January 2021

The vulnerability could cause a Windows local user privilege escalation when using EcoStruxure™ Operator Terminal Expert and Pro-face BLUE software and WinGP runtime environment by Schneider Electric.

A classic that needs updating: fresh vulnerabilities in the software of Siemens SCALANCE X switches

26 January 2021

DoS vulnerabilities have been disclosed in the integrated web server of Siemens SCALANCE X-200 / X-200IRT / X-300 switches. Measures proposed by the vendor do not prevent all possible attacks.

First things first: Kaspersky ICS CERT becomes new member of the global Forum of Incident Response and Security Teams (FIRST)

23 November 2020

After rigorous assessment, Kaspersky’s Industrial Systems Emergency Response Team (ICS CERT) has officially joined FIRST – the global Forum of Incident Response and Security Teams.