27 March 2019
Threat landscape for industrial automation systems. H2 2018Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
Filter
22 January 2019
Security research: ThingsPro Suite – IIoT gateway and device manager by MoxaThe security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.
06 September 2018
Threat landscape for industrial automation systems: H1 2018In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
26 March 2018
Threat Landscape for Industrial Automation Systems in H2 2017In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017.
22 January 2018
A silver bullet for the attacker. A study into the security of hardware license tokensIn the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems.
15 November 2017
The Relevance of WPA2 Vulnerabilities and KRACK Attacks to Industrial SystemsCritical vulnerabilities that have recently been identified in the WPA2 protocol enable threat actors to carry out Man-in-the-Middle (MitM) attacks and force devices connected to the network to reinstall encryption keys that protect traffic. These vulnerabilities can be used, among other things, to implement attacks on industrial automation systems.
19 June 2017
Vulnerable System Update Statistics. General ElectricThis article is devoted to vulnerabilities in General Electric products. The article looks only at known vulnerabilities, a list of which was prepared based using the MITRE CVE database. All the vulnerabilities in question were uncovered in 2012 – 2016.
28 March 2017
Threat Landscape for Industrial Automation Systems in the second half of 2016The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations.
09 December 2016
Vulnerability in Industrial Control software and quality of the patch managementKaspersky Lab ICS-CERT is launching a series of articles devoted to vulnerability analysis across the world. The articles aim to highlight patch management problems in the ICS world. Each article will focus on one popular ICS vendor and known vulnerabilities according to the MITRE Common Vulnerabilities and Exposures (CVE) database.
Filter
Filter
19 December 2019
Multiple vulnerabilities in Modicon controllersIf exploited, the vulnerabilities could result in denial of service. They can be fixed by updating device firmware
18 December 2019
Multiple vulnerabilities in SPPA-T3000 componentsVulnerabilities have been identified in SPPA-T3000 Application Server and MS3000 Migration Server. Some of the faults are critical and could allow attackers to execute arbitrary code on the server
17 December 2019
Multiple vulnerabilities in Siemens productsVulnerable solutions include SiNVR 3, XHQ Operations Intelligence, RUGGEDCOM ROS, and Siemens EN100
01 October 2019
Vulnerability in Cisco IOS and IOS XE affecting industrial routersAffected devices include Cisco 800 Series industrial routers and Cisco 1000 Series Connected Grid Routers (CGR 1000)
11 September 2019
Multiple vulnerabilities identified in Red Lion Controls Crimson softwareSuccessful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code, crash the device or view protected data
11 September 2019
Software vulnerabilities in EZ Touch Editor and EZ PLC EditorExploitation of the vulnerabilities could lead to remote code execution
16 July 2019
Dangerous vulnerabilities in Siemens TIA Administrator, SIMATIC WinCC and PCS7Vulnerabilities can lead to a denial-of-service condition and command execution without proper authentication
16 July 2019
Dangerous vulnerability in the IGSS systemThe vulnerability could allow an attacker to force the software to crash or to execute arbitrary code
16 July 2019
Multiple vulnerabilities in Schneider Electric Floating License ManagerIn addition to Schneider Electric, security issues affect products from AVEVA Vijeo Citect and Citect SCADA
09 July 2019
New vulnerability in Schneider Electric Modicon PLCsThe vulnerability is due to an improper check for unusual or exceptional conditions and could lead to denial of service