Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability.
Tag Archives: Critical Infrastructure
Series of Buffer Overflows Plague Many Yokogawa ICS Products
There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution. The bugs affect a long list of the company’s products, which are used in a variety of industries around the world. The Yokogawa products are mainly control systems, plant-management systems, event-analysis […]
Turla APT Group Abusing Satellite Internet Links
Researchers at Kaspersky Lab have revealed that the Turla APT gang is using satellite-based Internet links to hide command-and-control activities.
Government Releases Policy on Vulnerability Discovery and Disclosure
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as […]
NSF Awards $6M Grants for Internet of Things Security
The National Science Foundation awarded $6 million in grants to fund projects working toward securing networked things.
Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products
There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by German firm Endress+Hauser that can cause affected products to hang indefinitely.
Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
APT Group Gets Selective About Data it Steals
Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.
Census Project Identifies Open Source Tools at Risk
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
TCP Vulnerability Haunts Wind River VxWorks Embedded OS
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water, […]