An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy.
Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed “IRONGATE,” affects
Research presented during Black Hat Europe demonstrates how attackers can abuse business applications connected to ICS and SCADA gear.
Unsupported versions of Honeywell distributed control system software are vulnerable to publicly available remote exploits.
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
Two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device’s FTP server and configuration file.
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]
The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution. Advantech WebAccess is a SCADA and human-machine interface product that’s accessible over the Web. It’s used in a variety of industries, including energy, manufacturing, government and the commercial sector. The vulnerability affects […]
Attackers are using BlackEnergy malware to attack HMI software running inside industrial control systems, according to an advisory from ICS-CERT.
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.