ICS

Pierluigi Paganini April 12, 2018
Researchers discovered several flaws that expose electrical substations to hack

The ICS-CERT and Siemens published are warning organizations of security flaws in Siemens devices (SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices) that could be exploited by hackers to target electrical substations. “Successful exploitation of these vulnerabilities could allow an attacker to upload a modified device configuration that could overwrite access authorization passwords, or allow an […]

Pierluigi Paganini February 02, 2018
Hundreds of ICS products affected by a critical flaw in CODESYS WebVisu

Researcher discovered a critical vulnerability in the web server component of 3S-Smart Software Solutions’ CODESYS WebVisu product currently used in 116 PLCs and HMIs from many vendors, Security researcher Zhu WenZhe from Istury IOT discovered a critical stack-based buffer overflow vulnerability in the web server component of 3S-Smart Software Solutions’ CODESYS WebVisu product that allows users to view […]

Pierluigi Paganini February 01, 2018
Siemens fixed three flaws in plant management product Siemens TeleControl Basic system

Siemens has patched three security vulnerabilities in its Plant Management Product, the Siemens TeleControl Basic system. The system is used in water treatment facilities, traffic monitoring systems, and energy distribution plants. The TeleControl Basic control center runs the TeleControl Server Basic software. The Siemens TeleControl Basic system allows organizations to monitor and control processes in […]

Pierluigi Paganini January 19, 2018
Triton Malware exploited a Zero-Day flaw in Schneider Triconex SIS controllers

The industrial giant Schneider discovered that the Triton malware exploited a zero-day vulnerability in Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization. In December 2017, a new malicious code dubbed Triton malware  (aka Trisis) was discovered by researchers at FireEye, it was specifically designed to target industrial control […]

Pierluigi Paganini January 13, 2018
Mobile App Flaws of SCADA ICS Systems Could Allow Hackers To Target Critical Infrastructure

IOACTIVE researchers warn that critical infrastructure mobile applications are being developed without secure coding compliance that could allow hackers to target SCADA Systems. In a report released today, by IOACTIVE, researchers’ advice that critical infrastructure mobile applications are being developed without secure coding compliance that could allow hackers to target Supervisory Control and Data Acquisition […]

Pierluigi Paganini December 16, 2017
Triton malware was developed by Iran and used to target Saudi Arabia

CyberX who analyzed samples of the Triton malware believes it was likely developed by Iran and used to target an organization in Saudi Arabia. Security experts from security firms FireEye and Dragos reported this week the discovery of a new strain of malware dubbed Triton (aka Trisis) specifically designed to target industrial control systems (ICS). Both FireEye and Dragos […]

Pierluigi Paganini December 14, 2017
New Triton malware detected in attacks against a Critical Infrastructure operator

Triton malware – A new strain of malware specifically designed to target industrial control systems (ICS) system has been spotted by researchers at FireEye A new strain of malware dubbed Triton specifically designed to target industrial control systems (ICS) has been spotted by researchers at FireEye. The Triton malware has been used in attacks aimed at an unnamed critical […]

Pierluigi Paganini October 15, 2017
Flaws in Siemens Building Automation Controllers open to hack. Fix them asap

Siemens has released a firmware update that addresses two vulnerabilities in its BACnet Field Panel building automation controllers. This week Siemens has released a firmware update for its BACnet Field Panel building automation products that solved two vulnerabilities, one of which is classified as high severity. The vulnerabilities affect APOGEE PXC and TALON TC BACnet […]

Pierluigi Paganini August 04, 2017
Microsoft Attempts To Fix Stuxnet For The Third Time

Microsoft released a new security update on June 17th in an attempt to patch a vulnerability which allowed the Stuxnet Virus to exploit Windows systems. The Stuxnet Virus which attacks Industrial Control Systems was first discovered in 2010 when it infected Iranian Programmable Logic Controllers.  Stuxnet compromises controllers by first targeting Windows operating systems and […]

Pierluigi Paganini June 13, 2017
ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was […]