Your one-stop web resource providing safety and security information to manufacturers

News

Advice on Connecting an IoT Device

The NIST report helps an organization consider cybersecurity and privacy risks that emerge when IoT devices link to a network. Source: M. Bigham/Huntington Ingalls Industries, N. Hanacek/NIST. In a continuing move to help all Internet of Things (IoT) use …

Schneider Fixes Floating License Manager

Schneider Electric has an upgrade available to handle improper validation and memory corruption vulnerabilities in its Floating License Manager, according to a report with NCCIC. These remotely exploitable vulnerabilities could allow an attacker to den …

AVEVA Handles Floating License Manager Issue

AVEVA has an upgrade plan to handle improper input validation and memory corruption vulnerabilities in its Vijeo Citect and Citect SCADA Floating License Manager, according to a report with NCCIC. These vulnerabilities could allow an attacker to den …

Philips has Plan to Fix Holter 2010 Plus Hole

Philips has a plan to handle a use of obsolete function vulnerability in its Holter 2010, according to a report with NCCIC. Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. Philips self-re …

GE Mitigation Plan for Anesthesia Devices

GE has recommendations and will provide updates and additional security information on an improper authentication vulnerability in its Aestiva and Aespire Anesthesia devices, according to a report with NCCIC. Successful exploitation of this vulnerabilit …

Emerson Patches DeltaV DCS

Emerson has a patch available to mitigate a use of hard-coded credentials vulnerability in its DeltaV Distributed Control System (DCS), according to a report with NCCIC. Successful exploitation of this vulnerability, discovered by Benjamin Crosasso of …

Rockwell Fills Hole in PanelView 5510

Rockwell Automation has updated software to handle an improper access control vulnerability in its PanelView 5510, according to a report with NCCIC. Successful exploitation of this remotely exploitable vulnerability could allow a remote unauthenticated …

Schneider Fixes Zelio Soft 2 Issue

Schneider Electric has an updated version of Zelio Soft 2 that mitigates a use-after-free vulnerability, according to a report from NCCIC. Successful exploitation of this vulnerability, discovered by 9sg Security Team working with Trend Micro Zero Day …

Siemens Fixes SIPROTEC 5, DIGSI 5 Holes

Siemens has a new version available to handle improper input validation vulnerabilities in its SIPROTEC 5 and DIGSI 5, according to a report with NCCIC. Successful exploitation of these remotely exploitable vulnerabilities, discovered by Pierre Capill …

Siemens Clears Spectrum Power XSS

Siemens has a software update to handle a cross-site scripting (XSS) vulnerability in its WebSDK component of Spectrum Power 3, 4, 5 and 7, according to a report with Siemens ProductCERT. Ismail Mert AY AK from Biznet Bilisim A.S. and the CISA-Industria …

Siemens Updates TIA Portal Issue

Siemens released an update for a missing authentication vulnerability in its TIA Administrator and provides workarounds and mitigations until the update can be applied, according to a report from Siemens ProductCERT. The vulnerability, discovered by Jo …

Siemens Addresses ZombieLoad Issues

Vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS) affect modern processors from different vendors to a varying degree and Siemens has processors that suffer from the issues, according to a report with Siemens ProductCERT. F …

Siemens Fixes TLS SIMATIC Holes

Siemens has a fix for multiple vulnerabilities in its SIMATIC RF6XXR, according to a report from Siemens ProductCERT. The fixes are related to outdated TLS versions that are still supported by the product. …

Siemens Handling SIMATIC Code Upload Hole

Siemens has some fixes and is working on others to mitigate a code upload vulnerability in the SIMATIC WinCC DataMonitor web application and the SIMATIC PCS 7, according to a report from Siemens ProductCERT. An attacker has to be authenticated with a vali …

SHARP Award Goes to MT Steel Maker

Billings, Montana-based Teton Steel of Montana is a reinforcing steel company that is employee-owned and locally run serving customers that range from the individual looking to complete a driveway to the huge corporate manager building a super highway. …

British Airways Faces Hefty GDPR Fine

British Airways faces a $230 million fine after a website failure compromised the personal details of half a million customers. To date, this would be the largest penalty yet under the General Data Protection Regulation (GDPR), which came into force la …

Advantech Secures WebAccess/SCADA

Quest, upgrade ready to go, improper input validation vulnerability, KACE Systems Management Appliance, SMA, NCCIC, remotely exploitable vulnerability, discovered by Juan Pablo Lopez Yacubian, could allow an administrative user unintentional access, u …

Sony Attacker gets 27 Months

A man who hacked Sony Online Entertainment and other gaming companies will be doing 27 months in federal prison. Austin Thompson, 23, of Utah received the 27-month sentence Tuesday in federal court in San Diego. …

Environment Hit by Bourbon Blaze

Aerial video of the Jim Beam warehouse fire in Woodford County. Source: WKYT. A fire at a Jim Beam warehouse in Versailles, Kentucky, was in its third day of burning Thursday, as Kentucky officials began assessing the environmental impact the leaking bou …

Tanker Blast Kills 1, Injures 15

An LPG tanker explosion in Turkey left one worker dead and 16 others injured. An explosion on an LPG tanker killed an Italian crew member and injured 16 others at the port of Aliaga in Turkey’s western Izmir province late Monday. Despite the blast, tho …
