There has been an update on ICS vendors offering updates for critical infrastructure asset owners/operators affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

ABB Fixes netCADOPS Web Application Hole
ABB Creates Fix for TropOS KRACK Attacks
Nortek Linear eMerge E3 Series
GE Mitigates Relay Vulnerabilities

The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations for users:
Becton, Dickinson and Company (BD)
Beckman Coulter
Emerson (account required for login)
General Electric (account required for login, reference ID 000020832)
Johnson and Johnson
Rockwell Automation (account required for login)
Schneider Electric
Smiths Medical

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

Schneider Bold

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. 

Pin It on Pinterest

Share This