Your one-stop web resource providing safety and security information to manufacturers

Critical infrastructure asset owners/operators are learning about which vendors ended up affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

WECON Clears HMI Editor Issues
New Firmware for Moxa’s MXview
Phoenix Contact Clears FL SWITCH Holes
Rockwell Clears MicroLogix Controller Hole

The following product vendors reported they support products that use affected CPUs and have issued customer notifications with recommendations for users:
Becton, Dickinson and Company (BD)
Rockwell Automation (account required for login) 

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

Schneider Bold

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. 

Pin It on Pinterest

Share This