Your one-stop web resource providing safety and security information to manufacturers

GCA Launches Security Platform for IoT Devices

The Global Cyber Alliance (GCA) launched the Automated IoT Defence Ecosystem (AIDE), a cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers and individuals to identify...

Johnson Controls Fixes Metasys Holes

Johnson Controls has an upgrade to mitigate reusing a nonce, key pair in encryption, and use of hard-coded cryptographic key vulnerabilities in its Metasys, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities,...

Fuji Electric Fixes Alpha5 Buffer Overflow

Fuji Electric has a new version to handle a stack-based buffer overflow vulnerability in its Alpha5 Smart Loader, according to a report with CISA. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the...

Siemens Updates SCALANCE Holes

Siemens has an update available to handle improper adherence to coding standards vulnerabilities in its SCALANCE products, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities, which Siemens self-reported, could lead...

Siemens Fixes SINAMICS Hole

An update is available to mitigate an uncontrolled resource consumption vulnerability in Siemens’ SINAMICS, according to a report with CISA. Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, may allow an attacker to...

No Security, Just Risk Measurement

By Gregory Hale

Safety and security have differences, but in the end they focus on measuring risk and how that applies to what you are trying to protect. “There is no such thing as security, it is just the measurement of risk,” said Chris Roberts, chief security...

Mitsubishi Electric RTU PoC Code Released

There is a public report of vulnerabilities with proof-of-concept (PoC) exploit code affecting Mitsubishi Electric smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products, according to a report with CISA. There are...

Delta Electronics Mitigates HMI Issue

Delta Electronics has mitigations available to handle out-of-bounds read and use after free vulnerabilities in its Industrial Automation DOPSoft, according to a report with CISA. Successful exploitation of these remotely exploitable vulnerabilities may allow...

OSIsoft Upgrade Clears PI Web API Holes

OSIsoft LLC has an upgrade available to mitigate inclusion of sensitive information in log files and protection mechanism failure vulnerabilities in its PI Web API, according to a report from CISA. Successful exploitation of these remotely exploitable vulnerabilities,...

Siemens Fixes SCALANCE X Switch Hole

Siemens has workarounds and mitigations to handle an uncontrolled resource consumption vulnerability in its SCALANCE X switches, according to a report with the Cybersecurity and Infrastructure Security Agency (CISA). Successful exploitation of this remotely...

IL Silicone Plant Blast Finds No Cause

The investigation into the May 3 explosion at AB Specialty Silicones of Waukegan, IL, that left four workers dead is nearing completion, and there is no definitive cause for the blast that also destroyed the plant, Waukegan fire officials said. The cause may never be known, said Waukegan...

Russian Nuclear Incident Kills 5

The failed test that ended in an explosion that left five atomic scientists dead last week along Russia’s White Sea involved a small nuclear power source, according to a top official at the institute where they worked. The men “tragically died while testing a new...

Fatal NC Gas Blast an Accident: Report

An April 10 explosion that killed two people and injured 25 others after a natural gas pipeline ruptured in downtown Durham, NC, was an accident. The report follows a three-month investigation by Durham Fire Department officials in which more than 25 people were...

Update to Wind River VxWorks Issues

Wind River has an update for the multiple vulnerabilities in its VxWorks, according to a report with US-CERT. The vulnerabilities are a stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of...

Hacking a Siemens PLC

By Gregory Hale

It is possible to hack into Siemens S7-1500 programmable logic controllers (PLC), researchers said. By exploiting vulnerabilities, including the use of the same key on all of the S7-1500 PLCs, researchers were able to get into the systems and take...

Culture Key for Secure Environment

By Gregory Hale

It wasn’t that long ago when Dino Dai Zovi learned the art of leverage and how just one worker can level the playing field against a behemoth. It all came during a capture the flag tournament at a Def Con conference years ago when he was working on his...

Security Must Learn to Communicate

By Gregory Hale

Now that security has the attention of leadership such as the C-suite and the board, it has to learn how to communicate. “If we communicate well to the board you might get more budget. If you communicate poorly you might get fired,” said Jeff...

KY Gas Pipeline Blast Cause Could Take a Year

A final report on the Lincoln County, KY, gas pipeline that exploded and killed one woman and injured scores of others could take over a year to complete, federal officials said. The National Transportation Safety Board (NTSB) is leading the investigation with help...

Fukushima Exhaust Stack Coming Down

Delicate work got under way last Thursday at the crippled Fukushima No. 1 nuclear power plant to dismantle an unstable exhaust stack so highly contaminated by radiation the task must be done by remote control. Initial plans had called for the work to start in March,...

Honda Fixes Database Open on Internet

Honda Motor Company fixed a database related to the internal network and computers discovered on Shodan that had no authentication, a researcher said. The information available in an ElasticSearch database appeared to be an inventory of all Honda internal machines,...
