Your one-stop web resource providing safety and security information to manufacturers

News

Suspected Ukrainian Hacker Busted

A suspected computer hacker sought by the United States for at least six years is now under arrest in Ukraine. Mykhailo Rytikov was placed under arrest in the city of Odessa, in an operation conducted in coordination with …

Johnson Controls has Fix for exacqVision Server

Exacq Technologies, Inc., a subsidiary of Johnson Controls, has an update available to mitigate an unquoted search path or element vulnerability in its exacqVision Server, according to a report from NCCIC. Successful exploitation of this vulnerability, …

Day Trader Guilty of Computer Hacking

A Pennsylvania day trader pleaded guilty Tuesday to conspiring to commit securities fraud and illegally profiting from a series of coordinated trades involving more than 50 hacked online brokerage accounts. Joseph P. Willner, 44, of Ambler, PA, pleaded …

Ex-Microsoft Engineer Busted for Mail Fraud

A former Microsoft software engineer was busted Tuesday and charged with mail fraud for a scheme to steal $10 million in digital currency from Microsoft, federal officials said. Volodymyr Kvashuk, 25, a Ukrainian citizen residing in Renton, Washington, …

Engineer Charged in Train IP Theft

A software engineer at a suburban Chicago locomotive manufacturer stole proprietary information from the company and took it to China, according to an indictment unsealed last week in federal court in Chicago. Xudong Yao, also known as William Yao, 57, …

TÜV Rheinland Expands Testing Scope

The Occupational Safety and Health Administration (OSHA) expanded its scope of recognition for TÜV Rheinland of North America, Inc. as a Nationally Recognized Testing Laboratory (NRTL). Effective June 5, the expanded scope of recognition includes two addit …

Chemical Spill at IL Tootsie Roll Factory

A corrosive chemical leaked from a plastic pipe at a Tootsie Roll plant in Ford City on the Southwest Side of Chicago early Wednesday, prompting a hazardous materials response from the Chicago Fire Department. Crews were sent to the 7400 block of Cicer …

Advice on Connecting an IoT Device

The NIST report helps an organization consider cybersecurity and privacy risks that emerge when IoT devices link to a network. (Source: M. Bigham/Huntington Ingalls Industries, N. Hanacek/NIST) In a continuing move to help all Internet of Things (IoT) use …

Schneider Fixes Floating License Manager

Schneider Electric has an upgrade available to handle improper validation and memory corruption vulnerabilities in its Floating License Manager, according to a report with NCCIC. These remotely exploitable vulnerabilities could allow an attacker to den …

AVEVA Handles Floating License Manager Issue

AVEVA has an upgrade plan to handle improper input validation and memory corruption vulnerabilities in its Vijeo Citect and Citect SCADA Floating License Manager, according to a report with NCCIC. These vulnerabilities could allow an attacker to den …

Philips has Plan to Fix Holter 2010 Plus Hole

Philips has a plan to handle a use of obsolete function vulnerability in its Holter 2010, according to a report with NCCIC. Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. Philips self-re …

GE Mitigation Plan for Anesthesia Devices

GE has a recommendation and will provide updates and additional security information on an improper authentication vulnerability in its Aestiva and Aespire Anesthesia devices, according to a report with NCCIC. Successful exploitation of this vulnerabilit …

Emerson Patches DeltaV DCS

Emerson has a patch available to mitigate a use of hard-coded credentials vulnerability in its DeltaV Distributed Control System (DCS), according to a report with NCCIC. Successful exploitation of this vulnerability, discovered by Benjamin Crosasso of …

Rockwell Fills Hole in PanelView 5510

Rockwell Automation has updated software to handle an improper access control vulnerability in its PanelView 5510, according to a report with NCCIC. Successful exploitation of this remotely exploitable vulnerability could allow a remote unauthenticated …

Schneider Fixes Zelio Soft 2 Issue

Schneider Electric has an updated version of Zelio Soft 2 that mitigates a use after free vulnerability, according to a report from NCCIC. Successful exploitation of this vulnerability, discovered by 9sg Security Team working with Trend Micro Zero Day …

Siemens Fixes SIPROTEC 5, DIGSI 5 Holes

Siemens has a new version available to handle improper input validation vulnerabilities in its SIPROTEC 5 and DIGSI 5, according to a report with NCCIC. Successful exploitation of these remotely exploitable vulnerabilities, discovered by Pierre Capill …

Siemens Clears Spectrum Power XSS

Siemens has a software update to handle a cross-site scripting (XSS) vulnerability in its WebSDK component of Spectrum Power 3, 4, 5 and 7, according to a report with Siemens ProductCERT. Ismail Mert AY AK from Biznet Bilisim A.S. and the CISA-Industria …

Siemens Updates TIA Portal Issue

Siemens released an update for a missing authentication vulnerability in its TIA Administrator, and provides workarounds and mitigations until the update can be applied, according to a report from Siemens ProductCERT. The vulnerability, discovered by Jo …

Siemens Addresses ZombieLoad Issues

Vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS) affect modern processors from different vendors to a varying degree and Siemens has processors that suffer from the issues, according to a report with Siemens ProductCERT. F …

Siemens Fixes TLS SIMATIC Holes

Siemens has a fix for multiple vulnerabilities in its SIMATIC RF6XXR, according to a report from Siemens ProductCERT. The fixes are related to outdated TLS versions that are still supported by the product.
