• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Over 50 OT:ICEFALL Vulnerabilities Risk Numerous Industrial Devices
Security

Over 50 OT:ICEFALL Vulnerabilities Risk Numerous Industrial Devices

July 1, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Researchers have discovered greater than 50 totally different safety vulnerabilities affecting a whole lot of commercial units. Recognized as OT:ICEFALL, these vulnerabilities primarily exist in operational expertise (OT) industrial units from 10 totally different distributors. Therefore, industries utilizing susceptible OT units should apply mitigation methods to keep away from potential exploits.

About OT:ICEFALL Vulnerabilities Threatening Industrial Units

In accordance with a latest report from Forescout Vedere Labs, quite a few operational units from the next ten distributors are riddled with OT:ICEFALL vulnerabilities. The researchers named the issues “Icefall” after the second cease on Everest after Base Camp.

Relating to the susceptible units and distributors, the researchers have shared the next record. It mentions solely 9 distributors, because the tenth vendor uncovered to 4 vulnerabilities continues to be beneath disclosure.

  • Bently Nevada: 3700, TDI tools (situation displays)
  • Emerson: DeltaV and Ovation (distributed management system), OpenBSI (engineering workstation), ControlWave, BB 33xx, ROC (distant terminal unit), Fanuc, PACsystems (programmable logic controller)
  • Honeywell: Pattern IQ (constructing controller), Security Supervisor FSC (security instrumented system), Experion LX (distributed management system), ControlEdge (distant terminal unit), Saia Burgess PCD (programmable logic controller)
  • JTEKT: Toyopuc (programmable logic controller)
  • Motorola: MOSCAD, ACE IP gateway (distant terminal unit), MDLC (protocol), ACE1000 (distant terminal unit), MOSCAD Toolbox STS (engineering workstation)
  • Omron: SYSMAC Cx sequence, Nx sequence (programmable logic controller)
  • Phoenix Contact: ProConOS (logic runtime)
  • Siemens: WinCC OA (SCADA)
  • Yokogawa: STARDOM (programmable logic controller)

The researchers have shared an in depth technical report sharing their evaluation. Briefly, they found 56 totally different vulnerabilities that predominantly fall into the next classes.

  • Distant code execution
  • Denial of service (DoS)
  • File/firmware/configuration manipulation
  • Authentication bypass
  • Compromise of credentials

Supply: Forescout

These “insecure-by-design” vulnerabilities demand utmost consideration for the reason that prison hackers are all the time trying to find such bugs to compromise industries through malware, comparable to TRITON, Industroyer2, and others. As said of their publish,

Abusing all these insecure-by-design, native capabilities of OT tools is the popular modus operandi of real-world industrial management system (ICS)… These vulnerabilities, and the confirmed want for attackers to take advantage of them, reveal the necessity for strong, OT-aware community monitoring and deep-packet-inspection (DPI) capabilities.

Really helpful Mitigations

The susceptible units have an effect on the economic management methods globally. Therefore, industries should scan their infrastructure to detect the existence of susceptible tools and patch the bugs. Some mitigation methods that researchers advocate embody,

  • Uncover and stock susceptible units
  • Implement segmentation controls and correct community hygiene
  • Monitor progressive patches launched by affected system distributors
  • Monitor all community site visitors for malicious packets
See also  Industrial headset maker RealWear to go public via SPAC with Seattle investment bank – Startup

Furthermore, the researchers additionally spotlight the numerous disadvantage of certifying insecure-by-design merchandise that may impart a false sense of innate safety. Thus, companies should attempt their greatest to obtain secure-by-design merchandise. On the similar time, distributors ought to enter most efforts towards product safety. Collectively, all entities should work in the direction of creating an setting specializing in “strong” as a substitute of “merely useful” safety controls.

Source link

Devices Industrial Numerous OTICEFALL risk vulnerabilities
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Runaway AI Is an Extinction Risk, Experts Warn

May 30, 2023

Industrial headset maker RealWear to go public via SPAC with Seattle investment bank – Startup

February 6, 2023

How Apple privacy changes have forced social media marketing to evolve

October 16, 2022

Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

October 16, 2022
Add A Comment

Comments are closed.

Editors Picks

Just Dance 2023 launches November, will have online multiplayer

September 12, 2022

Huawei Watch GT 4 review

October 2, 2023

TikTok moderators say they were trained with child sexual abuse content

August 6, 2022

Blizzard won’t host a third Overwatch 2 beta test ahead of its October release

August 5, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.