An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy.
Tag Archives: SCADA
Irongate — New Stuxnet-like Malware Targets Industrial Control Systems
Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed “IRONGATE,” affects
Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks
Research presented during Black Hat Europe demonstrates how attackers can abuse business applications connected to ICS and SCADA gear.
Unsupported Honeywell Experion PKS Vulnerable to Public Attacks
Unsupported versions of Honeywell distributed control system software are vulnerable to publicly available remote exploits.
Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway
Two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device’s FTP server and configuration file.
Researcher Releases Database of Known-Good ICS and SCADA Files
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]
Buffer Overflow Haunts Advantech WebAccess SCADA Product
The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution. Advantech WebAccess is a SCADA and human-machine interface product that’s accessible over the Web. It’s used in a variety of industries, including energy, manufacturing, government and the commercial sector. The vulnerability affects […]
BlackEnergy Malware Used in Attacks Against Industrial Control Systems
Attackers are using BlackEnergy malware to attack HMI software running inside industrial control systems, according to an advisory from ICS-CERT.
Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.