Your one-stop web resource providing safety and security information to manufacturers

News

Rockwell Updates PowerMonitor 1000 Fix

Rockwell Automation has an update for a fix of cross-site scripting and authentication bypass vulnerabilities in its Allen-Bradley PowerMonitor 1000, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities …

Rockwell Updates Arena Simulation Software Fix

Rockwell Automation has an update on its fixed use after free, information exposure, type confusion, and insufficient UI warning of dangerous operations vulnerabilities in its Arena Simulation Software, according to a report with CISA. Successful explo …

BD Fixes Pyxis Platform

Becton, Dickinson and Company (BD) remediated a session fixation vulnerability in its Pyxis medication management platform, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerability, which BD self-reported, cou …

Red Lion Controls Clears Crimson Holes

Red Lion Controls has a migration path to handle multiple vulnerabilities in its Crimson Windows configuration software, according to a report with CISA. The vulnerabilities are a use after free, improper restriction of operations within the bounds of …

Chem Plant Shut to ‘Improve Reliability’

After a series of flaring incidents and concerns from area residents about their safety, the Mossmorran Ethylene Plant halted work. ExxonMobil and Shell UK, who jointly operate the plant, said they were extending the shutdown until the fourth quarter in or …

Fatal Fire at Oil-Gas Plant in India

At least five people were killed and eight others injured in a fire that broke out at Oil and Natural Gas Corporation’s (ONGC) oil and gas processing plant at Navi Mumbai’s Uran Tuesday. As a result of the 7 a.m. incident Tuesday, gas has been diverted …

EZAutomation Clears PLC Editor Hole

EZAutomation has a new version available to mitigate an improper restriction of operations within the bounds of a memory buffer vulnerability in its EZ PLC Editor, according to a report with CISA. Successful exploitation of this vulnerability could all …

EZAutomation EZ Touch Editor Fixed

EZAutomation has a new version available to mitigate a stack-based buffer overflow in its EZ Touch Editor, according to a report with CISA. Successful exploitation of this vulnerability, discovered by 9sg Security Team working with Trend Micro’s Zero D …

Switch Upgrade Attempt Leads to Refinery Unit Downtime

By John Cusimano

A refinery attempted to upgrade their almost 10-year-old process control network (PCN) switches in one unit during a planned maintenance window. The new switches were updated models made by the same manufacturer as the legacy switches. …

OR Door Maker a SHARP Graduate

For Kevin Emerick, workplace safety is not a box to check, it is about people. It is about sending workers home to their families safe after the workday. “With the median tenure at our company at almost 25 years, we are family, and the last thing you w …

Details Release of KY Pipeline Blast

While the cause of the fatal Texas Eastern pipeline explosion in Lincoln County, KY, has not yet been determined, more details have been released on issues that led up to the blast that killed one person, injured six others, and destroyed five homes Aug. 1. In a …

Remaining Fukushima Nukes to Undergo Decommissioning

Tokyo Electric Power Company (TEPCO) will decommission its Fukushima Daini nuclear plant, located a few kilometers south of the devastated Daiichi plant where three reactors melted down after an earthquake and tsunami hit in 2011. TEPCO’s board Wednesd …

Firing Imminent: OH Man Charged with Blocking IT System

Upon learning he was about to be fired, a Lorain, Ohio, man shut down the company’s web site and blocked access to email, and now he is facing charges, federal officials said. Austyn Keaton, 28, was indicted and charged with one count of damaging prot …

Ex-Tech Worker Charged in Capital One Data Theft

A former Seattle technology company software engineer was indicted Wednesday on two counts related to her unauthorized intrusion into stored data of more than 30 different companies, including Capital One. Paige A Thompson, aka erratic, 33, will be arr …

Philips has Plan for Ultrasound Hole

Philips has a plan to mitigate a use of obsolete function vulnerability in its HDI 4000 Ultrasound Systems, according to a report with CISA. Public exploits are available and the vulnerability is exploitable from within the same local subnet. Successf …

Houston Agrees to Fix Sewer, Wastewater Plants

Houston officials agreed to resolve longstanding problems with sanitary sewer overflows (SSOs) and discharges of pollutants in excess of permitted limits from the city’s 39 wastewater treatment plants. The agreement, upon final approval by a U.S. Distr …

Oil Industry Targeted by Threat Group

Oil and gas and possibly telecommunications sectors have been the target of a threat group, researchers said. The Lyceum threat group focuses on obtaining and expanding access within a targeted network, said researchers at Dell Secureworks Counter Thre …

Pharma Security: Learning to Manage the Network

By Rick Kaun

A large pharmaceutical/medical device manufacturer with dozens of plants across the world needed to manage vulnerabilities and its security posture in manufacturing networks. They had tried traditional IT tools such as vulnerability scanni …

NRC OKs License Transfer for MA Nuke

The transfer of the Pilgrim Nuclear Power Station license from Entergy Nuclear Operations Inc., to Holtec International, as owner, and Holtec Decommissioning International, as decommissioning operator just received approval from the Nuclear Regulatory …

Datalogic Fixes Linear Barcode Scanner Hole

Datalogic released new firmware to mitigate an authentication bypass using an alternate path or channel vulnerability in its AV7000 Linear Barcode Scanner, according to a report with CISA. Successful exploitation of this vulnerability could allow a rem …
