Publications

Reports

Blog

News

Filter

23 May 2022

ISaPWN – research on the security of ISaGRAF Runtime

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols and the description of several vulnerabilities the Kaspersky ICS CERT team had identified.

vulnerabilities,
Rockwell Automation,
ISaGRAF

09 December 2016

Vulnerability in Industrial Control software and quality of the patch management

Kaspersky Lab ICS-CERT is launching a series of articles devoted to vulnerability analysis across the world. The articles aim to highlight patch management problems in the ICS world. Each article will focus on one popular ICS vendor and known vulnerabilities according to the MITRE Common Vulnerabilities and Exposures (CVE) database.

vulnerabilities,
Rockwell Automation

Malware

APT 29

Earth Longzhi

APT43

Andariel

APT41

Volt Typhoon

Lancefly

YoroTrooper

Sofacy

APT29

Mint Sandstorm

Tortoiseshell

Lazarus

APT31

EV-0530

Tropic Trooper

UNC4034/ZINC

UNC3890

POLONIUM

TA423/Red Ladon

Budworm

IRIDIUM/Sandworm

Cloud Atlas/Inception

Woody Rat

Worok

TA428

Zebrocy

GreyEnergy

Energetic Bear

Crouching Yeti

Companies and organisations 10

Schneider Electric

Rockwell Automation

Colonial Pipeline

OPC Foundation

Siemens

IIC

Fibaro

Moxa

Gemalto

General Electric

Industrial control systems 3

statistics

industrial cybersecurity

ICS security

Industries 17

ICS engineering

ICS integration

buildings automation

energy sector

automotive

manufacturing

oil & gas

electronics industry

government

transportation

waste recycling

construction

food & beverage

healthcare

logistics

pharmaceutical

utilities

Laws and regulation 3

biometric data

legislation

critical infrastructure

Malware 30

CloudWizard

CommonMagic

RomCom

Vice Society

Royal

Snake

MATA

Kryptik

PlugX

FourteenHi

MeatBall

ShadowPad

Log4Shell

Manuscrypt

PseudoManuscrypt

DarkSide

Cring

ThreatNeedle

SunBurst

MontysThree

RobinHood

LockerGoga

REvil

GandCrab

WannaCry

Ryuk

Milum

Expetr

CrashOverride/Industroyer

Products and services 12

ISaGRAF

Log4j

FortiGate

RMS

TeamViewer

SPPA-T3000

Codesys

Codesys Runtime

Fibaro Home Center

ThingsPro Suite

SafeNet

Machine Learning for Anomaly Detection

Technologies 22

miners

cloud services

Air-gapped networks

USB removable media

dataleak

digital twins

UMAS

IoT

fuzzing

firmware

SMTP

Java

VPN

RDP

RAT

OPC UA

steganography

VNC

cameras

802.11

Wi-Fi

WPA2

Types of threats 12

APT

ransomware

spyware

DLL hijacking

Stolen data exfiltration

hacktivists

phishing

vulnerabilities

cyberespionage

business email compromise

COVID-19

KRACK

Select an author

Select a date

Filter

20 April 2022

Vulnerability in ICS: assessing the severity

On the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.

vulnerabilities,
Rockwell Automation

31 March 2021

Good old buffer overflow

CISA has issued an advisory on a Rockwell Automation MicroLogix 1400 buffer overflow vulnerability

vulnerabilities,
PLC,
Rockwell Automation,
buffer overflow

Companies and organisations 5

Red Team

NIST

Rockwell Automation

Siemens

Schneider Electric

Industrial control systems 2

industrial cybersecurity

ICS security

Industries 1

smart cities

Laws and regulation 2

legislation

critical infrastructure

Technologies 3

PLC

NAT

industrial networks

Types of threats 6

APT

vulnerabilities

initial access

TTP

buffer overflow

MitM

Select an author

Select a date

Filter

27 June 2018

DoS vulnerability in Allen-Bradley CompactLogix and Compact GuardLogix controllers

Remote attackers could cause a denial-of-service condition in Allen-Bradley CompactLogix and Compact GuardLogix controllers by exploiting a vulnerability in these devices

Allen-Bradley,
vulnerabilities,
Rockwell Automation

09 June 2018

Serious vulnerability in RSLinx Classic and FactoryTalk Linx Gateway by Rockwell Automation

A serious vulnerability has been identified in Rockwell Automation solutions for industrial networks RSLinx Classic and FactoryTalk Linx Gateway

vulnerabilities,
Rockwell Automation

19 April 2018

Vulnerabilities in Rockwell Automation industrial networking solutions

Critical vulnerabilities have been identified in several Rockwell Automation industrial networking devices. The issue is due to Cisco IOS or IOS XE versions with multiple vulnerabilities being used in these devices

Allen-Bradley,
vulnerabilities,
Cisco IOS,
Rockwell Automation

30 March 2018

New vulnerabilities in Allen Bradley MicroLogix 1400 PLCs

Serious vulnerabilities have been closed in Allen Bradley MicroLogix 1400 PLC series. Exploitation of these vulnerabilities could lead to unauthorized modification of PLC configuration and cause the devices to enter a denial-of-service condition

Allen-Bradley,
vulnerabilities,
Rockwell Automation,
Cisco Talos

APT 1

GreyEnergy

Companies and organisations 49

FIRST

Claroty

Schneider Electric

Siemens

Emerson

Elexon

BlueScope

Stadler

DESMI

Energias de Portugal

Advantech

Picanol Group

NCA

Bapco

US Coast Guard

WAGO

Rheinmetall Group

Red Lion Controls

EZAutomation

IIC

Mitsubishi Electric

Phoenix Contact

ASCO Industries

Norsk Hydro

Zelio Soft

ENISA

Circontrol

AVEVA

Entes

Fuji Electric

Opto22

Princeton University

Symantec

Dragos

Wecon

Moxa

ABB

Allen-Bradley

Rockwell Automation

Yokogawa

Martem

OPC Foundation

Beckhoff

Intel

General Electric

Palo Alto Networks

US-CERT

MITRE

Abbott

Events and conferences 2

Kaspersky Industrial Cybersecurity Conference 2019

IT Security for Industrial Systems

Industrial control systems 5

smart manufacturing

Industry 4.0

industrial cybersecurity

IoT Security Maturity Model

ICS security

Industries 3

water supply

healthcare and medical

energy sector

Laws and regulation 2

cyber weapon

critical infrastructure

Malware 25

Ryuk

PoetRAT

REvil

Sodinokibi

Maze

Ragnar Locker

TrickBot

ZeroCleare

Dustman

Shamoon

Emotet

Yoroi

MartyMcFly

Leafminer

RASPITE

Thrip

VPNFilter

OMG

Mirai

TRITON

Satori

Reaper

Expetr

Bad Rabbit

Dragonfly

Products and services 58

ABB 800xA

WebAccess/NMS

Modicon

SPPA-T3000

SiNVR 3

XHQ Operations Intelligence

Cisco IOS

Crimson

EZ PLC Editor

EZ Touch Editor

FR Configurator2

SIMATIC

PCS7

TIA Administrator

WinCC

Interactive Graphical SCADA System

Floating License Manager

ABB Panel Builder 600

SICK MSC800

Advantech WebAccess

PC Worx

Automation Worx Software Suite

Cisco Industrial Network Director

Optergy Proton/Enterprise

SIMATIC PCS 7

SIMATIC WinCC

IIoT Monitor

GP-Pro EX

SINUMERIK

SESU

CirCarLife

Wecon PI Studio

Alpha5

FRENIC

AMS Device Manager

TD Keypad Designer

SCALANCE

PAC Control Basic

PAC Control Professional

PowerLogic

DeltaV

LeviStudioU

NPort

Panel Builder

e!DISPLAY

SIPROTEC

Stratix

Delta Industrial Automation

U.motion Builder

Cisco Talos

TELEM-GW6/GWM

PACSystems

FL SWITCH

TIM 1531 IRC

TwinCAT

Codesys

Nari PCS-9611

Dnsmasq

Technologies 11

Open Platform Communications

TCP/IP

IoT

HMI

RAT

PLC

industrial managed switches

USB removable media

satellite communications

cryptominers

Bluetooth

Types of threats 22

vulnerabilities

denial of service

ransomware

path traversal

argument injection

SQL injection

remote code execution

privilege escalation

XXE

phishing

COVID-19

FragmentSmack

SegmentSmack

improper privilege management

buffer overflow

APT

botnets

Spectre

Meltdown

IoT botnet

KRACK

BlueBorne

Select a date

Select a tag

Malware

APT 29

Earth Longzhi

APT43

Andariel

APT41

Volt Typhoon

Lancefly

YoroTrooper

Sofacy

APT29

Mint Sandstorm

Tortoiseshell

Lazarus

APT31

EV-0530

Tropic Trooper

UNC4034/ZINC

UNC3890

POLONIUM

TA423/Red Ladon

Budworm

IRIDIUM/Sandworm

Cloud Atlas/Inception

Woody Rat

Worok

TA428

Zebrocy

GreyEnergy

Energetic Bear

Crouching Yeti

Companies and organisations 10

Schneider Electric

Rockwell Automation

Colonial Pipeline

OPC Foundation

Siemens

IIC

Fibaro

Moxa

Gemalto

General Electric

Industrial control systems 3

statistics

industrial cybersecurity

ICS security

Industries 17

ICS engineering

ICS integration

buildings automation

energy sector

automotive

manufacturing

oil & gas

electronics industry

government

transportation

waste recycling

construction

food & beverage

healthcare

logistics

pharmaceutical

utilities

Laws and regulation 3

biometric data

legislation

critical infrastructure

Malware 30

CloudWizard

CommonMagic

RomCom

Vice Society

Royal

Snake

MATA

Kryptik

PlugX

FourteenHi

MeatBall

ShadowPad

Log4Shell

Manuscrypt

PseudoManuscrypt

DarkSide

Cring

ThreatNeedle

SunBurst

MontysThree

RobinHood

LockerGoga

REvil

GandCrab

WannaCry

Ryuk

Milum

Expetr

CrashOverride/Industroyer

Products and services 12

ISaGRAF

Log4j

FortiGate

RMS

TeamViewer

SPPA-T3000

Codesys

Codesys Runtime

Fibaro Home Center

ThingsPro Suite

SafeNet

Machine Learning for Anomaly Detection

Technologies 22

miners

cloud services

Air-gapped networks

USB removable media

dataleak

digital twins

UMAS

IoT

fuzzing

firmware

SMTP

Java

VPN

RDP

RAT

OPC UA

steganography

VNC

cameras

802.11

Wi-Fi

WPA2

Types of threats 12

APT

ransomware

spyware

DLL hijacking

Stolen data exfiltration

hacktivists

phishing

vulnerabilities

cyberespionage

business email compromise

COVID-19

KRACK

Select an author

Select a date

Filter

Select a tag

Companies and organisations 5

Red Team

NIST

Rockwell Automation

Siemens

Schneider Electric

Industrial control systems 2

industrial cybersecurity

ICS security

Industries 1

smart cities

Laws and regulation 2

legislation

critical infrastructure

Technologies 3

PLC

NAT

industrial networks

Types of threats 6

APT

vulnerabilities

initial access

TTP

buffer overflow

MitM

Select an author

Select a date

Filter

Select a tag

APT 1

GreyEnergy

Companies and organisations 49

FIRST

Claroty

Schneider Electric

Siemens

Emerson

Elexon

BlueScope

Stadler

DESMI

Energias de Portugal

Advantech

Picanol Group

NCA

Bapco

US Coast Guard

WAGO

Rheinmetall Group

Red Lion Controls

EZAutomation

IIC

Mitsubishi Electric

Phoenix Contact

ASCO Industries

Norsk Hydro

Zelio Soft

ENISA

Circontrol

AVEVA

Entes

Fuji Electric

Opto22

Princeton University

Symantec

Dragos

Wecon

Moxa

ABB

Allen-Bradley

Rockwell Automation

Yokogawa

Martem

OPC Foundation

Beckhoff

Intel

General Electric

Palo Alto Networks

US-CERT

MITRE

Abbott

Events and conferences 2

Kaspersky Industrial Cybersecurity Conference 2019

IT Security for Industrial Systems

Industrial control systems 5

smart manufacturing

Industry 4.0

industrial cybersecurity

IoT Security Maturity Model

ICS security

Industries 3

water supply

healthcare and medical

energy sector

Laws and regulation 2

cyber weapon

critical infrastructure

Malware 25

Ryuk

PoetRAT

REvil

Sodinokibi

Maze

Ragnar Locker

TrickBot

ZeroCleare

Dustman

Shamoon

Emotet

Yoroi

MartyMcFly

Leafminer

RASPITE

Thrip

VPNFilter

OMG

Mirai

TRITON

Satori

Reaper

Expetr

Bad Rabbit

Dragonfly

Products and services 58

ABB 800xA

WebAccess/NMS

Modicon

SPPA-T3000

SiNVR 3

XHQ Operations Intelligence

Cisco IOS

Crimson

EZ PLC Editor

EZ Touch Editor

FR Configurator2

SIMATIC

PCS7

TIA Administrator

WinCC

Interactive Graphical SCADA System

Floating License Manager

ABB Panel Builder 600

SICK MSC800

Advantech WebAccess

PC Worx

Automation Worx Software Suite

Cisco Industrial Network Director

Optergy Proton/Enterprise

SIMATIC PCS 7

SIMATIC WinCC

IIoT Monitor

GP-Pro EX

SINUMERIK

SESU

CirCarLife

Wecon PI Studio

Alpha5

FRENIC

AMS Device Manager

TD Keypad Designer

SCALANCE

PAC Control Basic

PAC Control Professional

PowerLogic

DeltaV

LeviStudioU

NPort

Panel Builder

e!DISPLAY

SIPROTEC

Stratix

Delta Industrial Automation

U.motion Builder

Cisco Talos

TELEM-GW6/GWM

PACSystems

FL SWITCH

TIM 1531 IRC

TwinCAT

Codesys

Nari PCS-9611

Dnsmasq

Technologies 11

Open Platform Communications

TCP/IP

IoT

HMI

RAT

PLC

industrial managed switches

USB removable media

satellite communications

cryptominers

Bluetooth

Types of threats 22

vulnerabilities

denial of service

ransomware

path traversal

argument injection

SQL injection

remote code execution

privilege escalation

XXE

phishing

COVID-19

FragmentSmack

SegmentSmack

improper privilege management

buffer overflow

APT

botnets

Spectre

Meltdown

IoT botnet

KRACK

BlueBorne

Select a date

Filter