Your one-stop web resource providing safety and security information to manufacturers

GCA Launches Security Platform for IoT Devices

The Global Cyber Alliance (GCA) launched the Automated IoT Defence Ecosystem (AIDE), a cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers and individuals to identify …

Johnson Controls Fixes Metasys Holes

Johnson Controls has an upgrade to mitigate reusing a nonce, key pair in encryption, and use of hard-coded cryptographic key vulnerabilities in its Metasys, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerab …

Fuji Electric Fixes Alpha5 Buffer Overflow

Fuji Electric has a new version to handle a stack-based buffer overflow vulnerability in its Alpha5 Smart Loader, according to a report with CISA. Successful exploitation of this vulnerability could allow an attacker to execute code under the privilege …

Siemens Updates SCALANCE Holes

Siemens has an update available to handle improper adherence to coding standards vulnerabilities in its SCALANCE products, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities, which Siemens self-report …

Siemens Fixes SINAMICS Hole

An update is available to mitigate an uncontrolled resource consumption vulnerability in Siemens’ SINAMICS, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, may allow an a …

No Security, Just Risk Measurement

By Gregory Hale

Safety and security have differences, but in the end they focus on measuring risk and how that applies to what you are trying to protect. “There is no such thing as security, it is just the measurement of risk,” said Chris Roberts, chie …

Mitsubishi Electric RTU PoC Code Released

There is a public report of vulnerabilities with proof-of-concept (PoC) exploit code affecting Mitsubishi Electric smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products, according to a report with CI …

Delta Electronics Mitigates HMI Issue

Delta Electronics has mitigations available to handle out-of-bounds read and use after free vulnerabilities in its Industrial Automation DOPSoft, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities may …

OSIsoft Upgrade Clears PI Web API Holes

OSIsoft LLC has an upgrade available to mitigate inclusion of sensitive information in log files and protection mechanism failure vulnerabilities in its PI Web API, according to a report from CISA. Successful exploitation of these remotely exploitable …

Siemens Fixes SCALANCE X Switch Hole

Siemens has workarounds and mitigations to handle an uncontrolled resource consumption vulnerability in its SCALANCE X switches, according to a report with the Cybersecurity and Infrastructure Security Agency (CISA). Successful exploitation of this rem …

IL Silicone Plant Blast Finds No Cause

The investigation into the May 3 explosion at AB Specialty Silicones of Waukegan, IL, that left four workers dead is nearing completion, and there is no definitive cause for the blast that also destroyed the plant, Waukegan fire officials said. The cause may never be known, …

Russian Nuclear Incident Kills 5

The failed test that ended in an explosion that left five atomic scientists dead last week along Russia’s White Sea involved a small nuclear power source, according to a top official at the institute where they worked. The men “tragically died while te …

Fatal NC Gas Blast an Accident: Report

An April 10 explosion that killed two people and injured 25 others after a natural gas pipeline ruptured in downtown Durham, NC, was an accident. The report follows a three-month investigation by Durham Fire Department officials in which more than 25 p …

Update to Wind River VxWorks Issues

Wind River has an update for the multiple vulnerabilities in its VxWorks, according to a report with US-CERT. The vulnerabilities are a stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations withi …

Hacking a Siemens PLC

By Gregory Hale

It is possible to hack into Siemens S7-1500 programmable logic controllers (PLC), researchers said. By exploiting vulnerabilities, including the use of the same key on all of the S7-1500 PLCs, researchers were able to get into the syste …

Culture Key for Secure Environment

By Gregory Hale

It wasn’t that long ago when Dino Dai Zovi learned the art of leverage and how just one worker can level the playing field against a behemoth. It all came during a capture the flag tournament at a Def Con conference years ago when he wa …

Security Must Learn to Communicate

By Gregory Hale

Now that security has the attention of leadership such as the C-suite and the board, it has to learn how to communicate. “If we communicate well to the board you might get more budget. If you communicate poorly you might get fired, …

KY Gas Pipeline Blast Cause Could Take a Year

A final report on the Lincoln County, KY, gas pipeline that exploded and killed one woman and injured scores of others could take over a year to complete, federal officials said. The National Transportation Safety Board (NTSB) is leading the investigat …

Fukushima Exhaust Stack Coming Down

Delicate work got under way last Thursday at the crippled Fukushima No. 1 nuclear power plant to dismantle an unstable exhaust stack so highly contaminated by radiation the task must be done by remote control. Initial plans had called for the work to s …

Honda Fixes Database Open on Internet

Honda Motor Company fixed a database related to its internal network and computers that was discovered on Shodan and had no authentication, a researcher said. The information available in the Elasticsearch database appeared to be an inventory of all Honda inter …
