Security News > 2022 > June > Icefall: 56 flaws impact thousands of exposed industrial devices
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology equipment used in various critical infrastructure environments.
The Icefall collection has been discovered by security researchers at Forescout's Vedere Labs and it impacts devices from ten vendors.
The type of security flaws included allow remote code execution, compromising credentials, firmware and configuration changes, authentication bypass, and logic manipulation.
Icefall impacts a wide range of devices used in numerous industrial sectors, making them highly attractive especially to state-sponsored adversaries.
To demonstrate their findings and the risk potential, the researchers used a wind power generation and a natural gas transport system, showing where the various Icefall flaws are located and how they could be chained to achieve deeper levels of compromise.
Companies are advised to follow the security advisories from each vendor to learn more details about the specific impact each vulnerability has on an affected product.