ICS Summary for Week of October 27, 2017

Critical Vulnerabilities Found in SATCOM Systems Researchers at IOActive have found two critical vulnerabilities in the AmosConnect 8 SATCOM systems.  Created by telecommunications company, Inmarsat, the AmosConnect 8 system provides access to e-mail, instant messages, position reporting, crew internet, automatic file transfer, and application integration Continue Reading

ICS Summary for Week of October 20, 2017

SpiderControl MicroBrowser Found Vulnerable ICS-CERT has released an advisory for SpiderControl’s Microbrowser system.  Security researcher, Karn Ganeshen, reported a vulnerability in the Swiss-based company’s touch panel operating system that, if exploited, would allow an attacker to execute arbitrary code on the system (ICS-CERT, 2017).  SpiderControl Continue Reading

ICS Summary for Week of October 12, 2017

JanTek TCP/IP Converter Vunerabilities Found – No Patch Available Security researcher, Karn Ganeshan, found two vulnerabilities in the JTC-200 TCP/IP converters.  The products from Taiwan-based company, JanTek, are primarily used in the Critical Manufacturing sector in Europe and Asia.  The vulnerabilities, if exploited could allow Continue Reading

ICS Summary for Week of October 6, 2017

Siemens Data Manager Found Vulnerable ICS-CERT reported this week that security researcher, Maxim Rupp, found a vulnerability in Siemens’ 7KT PAC1200 data manager.  This vulnerability allowed a remote attacker to bypass authentication and perform high level administration functions on the exploited device.  Siemens has released Continue Reading

ICS Summary for Week of September 22, 2017

SCADA Webserver Found Lacking Proper Authentication A SCADA webserver made by Swiss-based company, iniNet Solutions GmbH, was found to have a critical vulnerability that may allow a malicious attacker to gain access to human-machine interface (HMI) pages without authentication.  The third party software is used Continue Reading

ICS Summary for Week of September 14, 2017

Syringe Infusion Pumps Vulnerable to Remote Attacks ICS-CERT has published an advisory detailing eight vulnerabilities found in Medfusion 4000 Wireless Syringe Infusion Pump manufactured by US-based device maker Smiths Medical.  These systems are meant to deliver accurate small doses of medication to patients in critical Continue Reading

ICS Summary for Week of September 8, 2017

Dragonfly 2.0: Hackers Targeting Western Energy Sector Symantec has released a report detailing the new activities of the Dragonfly (also known as Crouching Yeti and Energetic Bear) hacking group.  This group has been around since at least 2010, but security groups first reported on them Continue Reading

ICS Summary for Week of September 1, 2017

Cobot Exploitation Could Lead to Security Nightmare In a recent report, IOActive researchers have found that Cobots (industrial collaborative robots) have a slew of vulnerabilities that can cause harm to its users.  Because of the affordability and ease of use, cobots are becoming more and Continue Reading

ICS Executive Summary for Week of August 18, 2017

US Pipeline Systems Need Better Cybersecurity Researchers at Ponemon Institute were sponsored by Siemens to investigate the cybersecurity risks in the Oil and Gas industry.  They focused specifically on the risks in operational technology (OT), the hardware and software meant to manage the industrial systems. Continue Reading

ICS Executive Summary for Week of August 11, 2017

Solar Panels Vulnerable to Attacks Dutch researcher, Willem Westerhof, revealed that he found a great number of vulnerabilities in solar panels widely used across Europe.  Because the power grids in Europe are very intertwined, the exploitation of these vulnerabilities could allow an attacker to cause Continue Reading