ICS-SCADA

Pierluigi Paganini January 28, 2021
CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite

The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory to warn industrial organizations of some high severity flaws in SCADA/HMI products made by Japanese electrical equipment company Fuji Electric. The vulnerabilities affect […]

Pierluigi Paganini January 16, 2021
Siemens fixed tens of flaws in Siemens Digital Industries Software products

Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […]

Pierluigi Paganini December 12, 2020
NI CompactRIO controller flaw could allow disrupting production

A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization. A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. The National Instruments CompactRIO product, a rugged, real-time controller that provides high-performance […]

Pierluigi Paganini December 04, 2020
Iranian hackers access unsecured HMI at Israeli Water Facility

A group of Iranian hackers gained access to a un unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to a un unprotected ICS at the Israeli Water Facility. The threat actors accessed […]

Pierluigi Paganini November 30, 2020
Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020. Schneider Electric is a vendor specialized […]

Pierluigi Paganini November 29, 2020
A critical flaw in industrial automation systems opens to remote hack

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […]

Pierluigi Paganini November 13, 2020
Security flaws in Schneider Electric PLCs allow full take over

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). Four encryption and authentication issues in Modicon […]

Pierluigi Paganini October 24, 2020
US Treasury imposes sanctions on a Russian research institute behind Triton malware

US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated, pursuant to […]

Pierluigi Paganini October 14, 2020
Talos experts disclosed unpatched DoS flaws in Allen-Bradley adapter

Cisco Talos found several remotely exploitable denial-of-service (DoS) vulnerabilities in a Rockwell Automation industrial automation product. A researcher from Cisco Talos released technical details of several remotely exploitable denial-of-service (DoS) vulnerabilities in an industrial automation product made by Rockwell Automation. The product affected by the flaw is the Allen-Bradley 1794-AENT Flex I/O series B adapter, […]

Pierluigi Paganini September 21, 2020
FERC, NERC joint report on cyber incident response at electric utilities

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities. The report is based on information […]