News

New Auto-Maskin Firmware Clears Multiple Holes

New firmware is available to handle multiple vulnerabilities in Auto-Maskin’s RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App), according to a report with CISA. The vulnerabilities are cleartext transmission of sensi …

B&R Industrial Plan to Disable Vulnerability

B&R Industrial Automation GmbH has versions available to disable an improper authorization vulnerability in its Automation Studio and Automation Runtime, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerabilit …

Honeywell Fixes Web Server Issues

Honeywell has a firmware upgrade available to handle authentication bypass by capture-replay and path traversal vulnerabilities in its NOTI-FIRE-NET Web Server (NWS-3), according to a report with CISA. Successful exploitation of these remotely exploita …

Rockwell Working on Fix for FactoryTalk Diagnostics Hole

Rockwell Automation is working to develop updated software that addresses a deserialization of untrusted data vulnerability in its FactoryTalk Diagnostics, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerabil …

Holes in SC Nuke Fuel Factory’s Protective Liner

Inspectors at the Westinghouse nuclear fuel factory near Columbia, South Carolina, found 13 small leaks in a protective liner that is supposed to keep pollution from dripping into the soil and groundwater below the plant. As a result of the discovery, …

The Other Convergence: Physical and Cyber Security

By Gregory Hale

Talk abounds across the manufacturing industry about the convergence of IT and OT, and with good reason. The benefits of working with, and culling the knowledge of, vastly experienced IT security experts know no end. Having said that, …

Arkema Execs on Trial for Harvey Chemical Release

Chemical company Arkema Inc., its chief executive, a plant manager, and vice president of logistics are facing a criminal trial for endangering the public by allowing for the release of organic peroxides into the air in Texas during and after flooding …

OT Pipeline Attack Shuts Down Compression Facility

A cyberattack hit the control and communication assets on the operational technology (OT) network of a natural gas compression facility forcing it to shut down for two days. An attacker used a spearphishing link to obtain initial access to the organiza …

Honeywell Fixes INNCOM INNControl 3 Hole

Honeywell has a fix available to handle an improper privilege management vulnerability in its INNCOM INNControl 3, according to a report with CISA. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges withi …

GE’s Plan for Ultrasound Vulnerability

GE has recommendations available to handle a protection mechanism failure in its Ultrasound Products, according to a report with CISA. The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk M …

Emerson Clears OpenEnterprise Hole

Emerson has an upgrade available to handle a heap-based buffer overflow in its OpenEnterprise SCADA Server, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerability, discovered by Roman Lozko of Kaspersky ICS …

Spacelabs Mitigation Plan for BlueKeep Vulnerability

Spacelabs recommends updating to the latest release to mitigate an improper input validation vulnerability in its Xhibit Telemetry Receiver, according to a report with CISA. A remote code execution vulnerability called BlueKeep (CVE-2019-0708) exists w …

Purdue Named to Space ISAC

Purdue University is the first university to join a select group of space community leaders as a founding member of the newly formed Space Information Sharing and Analysis Center (ISAC). Dan DeLaurentis, professor of aeronautics and astronautics, will …

TX Gas Line Ruptures, Forces Shelter-in-Place

A ruptured gas line in Texas was shooting 150-foot flames into the air Monday morning, which prompted police to order a shelter-in-place, officials said. While there are no reported injuries or fatalities, traffic was diverted as officials worked to de …

Workarounds, Mitigation for SIPROTEC Line

Siemens has workarounds and mitigations to handle an improper input validation vulnerability in its SIPROTEC 4 and SIPROTEC Compact, according to a report from CISA. This vulnerability, discovered by Tal Keren from Claroty, could allow an attacker to c …

Siemens Fixing SIMATIC S7-1500 Family Issue

Siemens updated its SIMATIC S7-1500 CPU family to handle a resource exhaustion vulnerability, according to a report from CISA. This vulnerability, which Siemens self-reported, could allow a remote attacker to conduct denial-of-service attacks. The foll …

Siemens’ Migration Path for SCALANCE S-600 Series

Siemens has recommendations and a migration path to handle resource exhaustion and cross-site scripting vulnerabilities in its SCALANCE S-600 Firewall, according to a report with CISA. These vulnerabilities could allow a remote attacker to conduct deni …

OH Man Charged with Laundering $300M in Bitcoin

An Ohio man was arrested for his operation of Helix, a Darknet-based cryptocurrency service that laundered over $300 million, federal officials said. Larry Harmon, 36, of Akron, OH, is facing charges in Tuesday’s three-count indictment of money launder …

Huawei Charged in Trade Secret Case

Huawei Technologies Co. Ltd., the world’s largest telecommunications equipment manufacturer, and two U.S. subsidiaries and its chief financial officer are facing charges of conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act (R …

Siemens Updates OZW Web Server

Siemens has an update available to handle an information disclosure vulnerability in its OZW web server, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerability, discovered by Maxim Rupp, could allow unauthen …
