#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

industrial control system | Breaking Cybersecurity News | The Hacker News

Category — industrial control system
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Sep 30, 2024 Operational Technology / Network Security
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher Pedro Umbelino said in a report published last week. Making matters worse, the analysis found that thousands of ATGs are exposed to the internet, making them a lucrative target for malicious actors looking to stage disruptive and destructive attacks against gas stations, hospitals, airports, military bases, and other critical infrastructure facilities. ATGs are sensor systems designed to monitor the level of a storage tank (e.g., fuel tank) over a period of time with the goal of determining leakage and parameters. Exploitation of security flaws in such systems could therefore have
Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

Aug 05, 2024 Network Security / Vulnerability
A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol ( CIP ) programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242 , carries a CVSS v3.1 score of 8.4. "A vulnerability exists in the affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory. "If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis." Operational technology security company Claroty, which discovered and reported the vulnerability, said it developed a technique that made it possible to bypass the trusted slot feature and send malicious commands to the pr
Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Sep 25, 2024Artificial Intelligence / SOC Automation
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn't fully delivered on its potential, leaving SOCs still grappling with many of the same challenges. Enter Agentic AI—a new approach that could finally fulfill the SOC's long-awaited vision, providing a more dynamic and adaptive solution to automate SOC operations effectively. Three Generations of SOAR – Still Falling Short SOAR emerged in the mid-2010s with companies like PhantomCyber, Demisto, and Swimlane, promising to automate SOC tasks, improve productivity, and shorten response times. Despite these ambitions, SOAR found its greatest success in automating generalized tasks like threat intel propagation, rather than core threat detection, investigation, and response (TDIR) workloads.
New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Jul 23, 2024 ICS Malware / Critical Infrastructure
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop , describing it as the first malware strain to directly use Modbus TCP communications to sabotage operational technology (OT) networks. It was discovered by the company in April 2024. "FrostyGoop is an ICS-specific malware written in Golang that can interact directly with Industrial Control Systems (ICS) using Modbus TCP over port 502," researchers Kyle O'Meara, Magpie (Mark) Graham, and Carolyn Ahlers said in a technical report shared with The Hacker News. It's believed that the malware, mainly designed to target Windows systems, has been used to target ENCO controllers with TCP port 502 exposed to the internet. It has not been tied to any previously
cyber security

How to Stay Safe From Insider & User Offboarding Risks

websiteWing SecuritySaaS Security / Insider Threat
Unrevoked permissions for offboarded employees is just one of the risks that can result in data breaches.
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Jul 04, 2024 Vulnerability / Critical Infrastructure
Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device," security researcher Yuval Gordon said . "The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS." The list of shortcomings is as follows - CVE-2023-2071 (CVSS score: 9.8) - An improper input validation vulnerability that allows unauthenticated attackers to achieve remote code executed via crafted malicious packets. CVE-2023-29464 (CVSS score: 8.2) - An improper input validation vulnerability that allows an unauthenticated threat actor to read data from memory via crafted malicious pac
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Jun 28, 2024 Industrial Security / Critical Infrastructure
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the vulnerabilities include two command injection flaws and two separate authentication and authorization vulnerabilities that could be weaponized by unauthenticated attackers to perform a wide range of malicious actions ranging from authentication bypass to command injection. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities," the U.S. Cybersecurity and Infrastructure Security
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

May 31, 2024 OT Security / Threat Intelligence
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said . The company noted that a cyber attack on an OT system could allow malicious actors to tamper with critical parameters used in industrial processes, either programmatically via the programmable logic controller (PLC) or using the graphical controls of the human-machine interface (HMI), resulting in malfunctions and system outages. It further said that OT systems often lack adequate security mechanisms, making them ripe for exploitation by adversaries and carry out attacks that are "relatively easy to execute," a fact compounded by the additional risks introduced by direc
Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

May 22, 2024 ICS Security / Vulnerability
Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company  said  it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate action to determine whether they have devices that are accessible over the internet and, if so, cut off connectivity for those that are not meant to be left exposed. "Users should never configure their assets to be directly connected to the public-facing internet," Rockwell Automation further added. "Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors." On top of that, organizations are required to ensure that they have adopted the necessar
Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

Aug 02, 2023 ICS/SCADA Security
About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of 2023, down from  681 reported  during the first half of 2022. Of the 670 CVEs, 88 are rated Critical, 349 are rated High, 215 are rated Medium, and 18 are rated Low in Severity. 227 of the flaws have no fixes in comparison to 88 in H1 2022. "Critical manufacturing (37.3% of total reported CVEs) and Energy (24.3% of the total reported) sectors are the most likely to be affected," the OT cybersecurity and asset monitoring company said in a report shared with The Hacker News. Other prominent industry verticals include water and wastewater systems, commercial facilities, communication
CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units

May 03, 2023 ICS/SCADA Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday  released  an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as  CVE-2023-2131 , has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity. "Successful exploitation of this vulnerability could allow remote code execution," CISA  said , describing it as a case of command injection affecting versions of INEA ME RTU firmware prior to  version 3.36 . Security researcher Floris Hendriks of Radboud University has been credited with reporting the issue to CISA. Also published by CISA is an  alert  related to multiple known security holes in Intel(R) processors impacting Factory Automation (FA) products from Mitsubishi Electric that could result in privilege escalation and a denial-of-service (DoS) condition. The development comes as the agency  recommended  criti
CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products

CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products

Apr 07, 2023 Industrial Control System
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published   eight  Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is  CVE-2022-3682  (CVSS score: 9.9), impacting Hitachi Energy's MicroSCADA System Data Manager SDM600 that could allow an attacker to take remote control of the product. The flaw stems from an issue with file permission validation, thereby permitting an adversary to upload a specially crafted message to the system, leading to arbitrary code execution. Hitachi Energy has released SDM600 1.3.0.1339 to  mitigate  the issue for SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291). Another set of five critical vulnerabilities –  CVE-2023-28400 ,  CVE-2023-28716 ,  CVE-2023-28384 ,  CVE-2023-29169 , and  CVE-2023-29150  (CVSS scores: 9.9) – relate to command injection bugs present in mySCADA my
CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

Mar 22, 2023 ICS/SCADA Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS)  advisories  on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are affected by the issues. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code," CISA  said . At the top of the list is  CVE-2023-1133  (CVSS score: 9.8), a critical flaw that arises from the fact that InfraSuite Device Master accepts unverified UDP packets and  deserializes the content , thereby allowing an unauthenticated remote attacker to execute arbitrary code. Two other deserialization flaws,  CVE-2023-1139  (CVSS score: 8.8) and  CVE-20
Honeypot-Factory: The Use of Deception in ICS/OT Environments

Honeypot-Factory: The Use of Deception in ICS/OT Environments

Feb 13, 2023 OT and ICS Security
The recently published Security Navigator report of Orange Cyberdefense shows there has been a  rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point.  Though the data does not indicate at this point that a lot of threat actors specifically target industrial systems – in fact, most evidence points to purely opportunistic behaviour – the tide could turn any time, once the added complexity of compromising OT environments promises to pay off. Criminals will take any chance they get to blackmail victims into extortion schemes, and halting production can cause immense damage. It is likely only a matter of time. So cybersecurity for operational technology (OT) is vitally important.  Deception is an effective option to improve threat detection and response ca
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

Jan 18, 2023 ICS/SCADA Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published  four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw ( CVE-2022-45092 , CVSS score: 9.9) and command injection ( CVE-2022-2068 , CVSS score: 9.8). Also patched by Siemens is an authentication bypass vulnerability in llhttp parser ( CVE-2022-35256 , CVSS score: 9.8) as well as an out-of-bounds write bug in the OpenSSL library ( CVE-2022-2274 , CVSS score: 9.8) that could be exploited to trigger remote code execution. The German automation company, in December 2022,  released  Service Pack 2 Update 1 software to mitigate the flaws. Separately, a critical flaw has also been revealed in GE Digital's Proficy Historian solution that could result in code execution regardless of
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

Jan 16, 2023 Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS)  advisories  warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code,"  according to CISA . This includes CVE-2022-45444 (CVSS score: 10.0), a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access. Also notable are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in denial-of-service condition or code execution. The vulnerabilities
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Oct 12, 2022
A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all
Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

Sep 21, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency  said  in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which  said  the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU  is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into consid
Researchers Warn of Critical Flaw Affecting Industrial Automation Systems

Researchers Warn of Critical Flaw Affecting Industrial Automation Systems

Nov 19, 2020
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP ( ENIP ) stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/O applications in North America." "Successful exploitation of this vulnerability could cause a denial-of-service condition, and a buffer overflow may allow remote code execution," the US cybersecurity and infrastructure agency (CISA) said in an  advisory . As of yet, no known public exploits have been found to target this vulnerability. However, "according to public search engines for Internet-connected devices (e.g. shodan.io) there are more than 8,000 ENIP-compatible internet-facing devices." Tracked as CVE-2020-25159 , the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts a
Expert Insights / Articles Videos
Cybersecurity Resources