Security News

The U.S. Cybersecurity and Infrastructure Security Agency has published four Industrial Control Systems advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw and command injection.

An ex-General Electric engineer has been sentenced to two years in prison after being convicted of stealing the US giant's turbine technology for China. New York resident Xiaoqing Zheng, 59, who used to be employed at GE Power and specialized in turbine sealing technology, was convicted of conspiracy to commit economic espionage at the end of March after a jury trial in the Northern District of New York courthouse.

The U.S. Cybersecurity and Infrastructure Security Agency last week published an industrial control system advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay," the agency said in a bulletin on February 24, 2022.

To help ease the transition to the cloud, VMware announced GE Healthcare will leverage VMware SD-WAN, now part of VMware SASE, to seamlessly deliver cloud-based services to GE Healthcare customers. "VMware SD-WAN provides this network overlay to prioritize and move high-fidelity, latency-sensitive data to the cloud and between edge locations. Leveraging VMware SD-WAN enables GE Healthcare to offer rapid, more securely deployed, and easily accessed virtual care solutions."

Several vulnerabilities discovered by Kaspersky researchers in Rockwell Automation software impact industrial products from Schneider Electric, GE and other vendors. The security holes were identified by Kaspersky researchers in Rockwell Automation's ISaGRAF, which is designed for the development of automation products.

The U.S. Cybersecurity and Infrastructure Security Agency has warned of critical security shortcomings in GE's Universal Relay family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16.

The U.S. Cybersecurity & Infrastructure Security Agency is warning of critical-severity security flaws in GE's Universal Relay family of power management devices. GE's UR devices are the "Basis of simplified power management for the protection of critical assets," according to the company.

Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency and GE Grid Solutions inform customers that more than a dozen UR protection and control relays are impacted by a series of vulnerabilities to which 10 different CVE identifiers have been assigned. The vendor has released firmware updates that should patch the vulnerabilities.

A Chinese businessman has been accused by the US government of trying to steal silicon secrets from General Electric. The duo planned to use the stolen trade secrets to set up a competitor in China, it's claimed.

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor's guidelines for security best practices.