Jul 13, 2023THNOT/ICS, SCADA Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities … [Read more...] about Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
Industrial
Industrial control systems security with Elastic Security and Zeek
Keeping track of all ICS asset history and accurate status in a global inventory is critical not only for purposes like maintenance, cost management, and environment optimization but also for the system's security. Well-implemented and maintained inventories are key to ICS security programs, since you can’t protect what you don’t know about. Knowing what is on the ICS network, … [Read more...] about Industrial control systems security with Elastic Security and Zeek
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
Jan 18, 2023Ravie LakshmananICS/SCADA Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code … [Read more...] about CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
Over a Dozen Flaws Found in Siemens’ Industrial Network Management System
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and … [Read more...] about Over a Dozen Flaws Found in Siemens’ Industrial Network Management System
Industrial cybersecurity: know the biases that can derail collaboration between OT and IT
In a successful marriage, each partner understands what the other needs—and what they can’t tolerate. Industrial cybersecurity requires the same sort of partnership, in this case between the operational technology (OT) and information technology (IT) teams. IT contributes the cybersecurity tools and skills. OT brings an understanding of each asset, its impact on the business, … [Read more...] about Industrial cybersecurity: know the biases that can derail collaboration between OT and IT
Extending Zero Trust Security to Industrial Networks
Recent cyber attacks on industrial organizations and critical infrastructures have made it clear: operational and IT networks are inseparably linked. With digitization, data needs to seamlessly flow between enterprise IT and industrial OT networks for the business to function. This tighter integration between IT, OT, and Cloud domains has increased the attack surface of both – … [Read more...] about Extending Zero Trust Security to Industrial Networks
10 Critical Flaws Found in CODESYS Industrial Automation Software
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from … [Read more...] about 10 Critical Flaws Found in CODESYS Industrial Automation Software
Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known … [Read more...] about Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
Securing industrial networks: What is ISA/IEC 62443?
Cyber attacks targeting industrial networks increased by 2000% from 2018 to 2019. Attacks on operational technology (OT) can interrupt production and revenue, expose proprietary information, or taint product quality. They can even put employees in harm’s way or damage the environment. Attacks on critical infrastructure—water, power, and transportation—can inflict devastating … [Read more...] about Securing industrial networks: What is ISA/IEC 62443?
How Does Triton Attack Triconex Industrial Safety Systems?
Triton is malware developed to affect industrial systems, particularly the Triconex safety system from Schneider. This is deployed at over 15,000 sites across the world, but the malware allegedly only targeted a critical energy industrial site in the Middle East in 2017. The attack, also known by the names of Trisis and Hatman, is broken down into different phases: Intrusion … [Read more...] about How Does Triton Attack Triconex Industrial Safety Systems?