Blog Posts Tagged with "Industrial Control Systems"

E313765e3bec84b2852c1c758f7244b6

Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by:Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SpecView Directory Traversal Vulnerability

August 08, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SIMATIC S7-400 Denial of Service Vulnerabilities

August 07, 2012 Added by:Infosec Island Admin

Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Top Cyber Security Experts Meet for Smart Grid Security Summit

August 07, 2012 Added by:Larry Karisny

From securing Intrusion Prevention Systems (IPS) that now must securely encrypt the new end point of nano sensors chip sets to Intrusion Detection Systems (IDS) that must now be able to view real time event anomalies and business processes, this discussion showed the need for security technology change...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: ICONICS GENESIS32 and BizViz Vulnerabilities

August 06, 2012 Added by:Infosec Island Admin

Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow Vulnerability

August 03, 2012 Added by:Infosec Island Admin

Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Kessler-Ellis Products Exploit POC

August 02, 2012 Added by:Infosec Island Admin

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic Step 7 DLL Vulnerability

July 25, 2012 Added by:Infosec Island Admin

Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Winderware Intouch 10 DLL Hijack

July 24, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: OSIsoft Stack-Based Buffer Overflow Vulnerability

July 23, 2012 Added by:Infosec Island Admin

ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Energy Department Develops Tool for Electric Grid Cybersecurity

July 19, 2012 Added by:Headlines

“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Windows XP Support End of Life

July 18, 2012 Added by:Infosec Island Admin

ICSCERT has identified three technology deployment areas to evaluate when considering the upcoming EOL of XP SP3 across ICS environments. Applications installed on Windows XP SP3 operating system builds on standard IT equipment, including engineering workstations, HMI servers, historian systems, etc...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities

July 16, 2012 Added by:Infosec Island Admin

Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

NIST: Test Framework for Upgrading Smart Electrical Meters

July 13, 2012 Added by:Infosec Island Admin

"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

EU-US Workshop on Cyber Security of ICS and Smart Grids

July 12, 2012 Added by:Infosec Island Admin

ICS and the smart grids are two of these priority areas identified by the EU-US WG. In the last decade, these systems have been facing a notable number of incidents, including the manifestation of Stuxnet which raised a lot of concerns and discussions among all the actors involved in the field...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »