Security News

CISA warns water facilities to secure HMI systems exposed online
2024-12-13 19:34

CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. [...]

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
2022-07-19 01:28

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said.

Beware of password-cracking software for PLCs and HMIs!
2022-07-18 10:05

Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency mining. Thus, industrial engineers who can't access PLC programming software or an HMI because they don't know the right password occasionally turn to the internet to find a tool to help them crack it.

Vulnerabilities Can Allow Attackers to Remotely Gain Control of Weintek HMIs
2021-03-26 12:22

A cybersecurity researcher who specializes in industrial control systems has identified three types of critical vulnerabilities in products made by human-machine interface manufacturer Weintek. The vulnerabilities can be exploited by a remote, unauthenticated attacker for code execution with root privileges, to remotely access sensitive information and conduct actions on behalf of an admin, and to execute malicious JavaScript code via a stored XSS flaw.

Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems
2021-02-05 13:31

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor's guidelines for security best practices.

Open-source tool for hardening commonly used HMI/SCADA system
2021-02-05 04:00

Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital's CIMPLICITY, one of the most commonly used HMI/SCADA systems. Over the past several months, Otorio's researchers worked closely with GE Digital engineers to deliver a first of its kind open-source tool designed to identify GE CIMPLICITY misconfigurations.

Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels
2021-02-04 04:32

Siemens has released patches for some of its SIMATIC human-machine interface panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device. SIMATIC HMI panels are designed for operator control and the monitoring of machines and plants.

CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products
2021-01-27 18:24

The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities. The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.

Tens of Vulnerabilities Expose WAGO Controllers, HMI Panels to Attacks
2020-03-11 16:01

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company's controllers and human-machine interface panels to remote attacks. He says, attacks exploiting these vulnerabilities can be launched directly from the internet.

Several Vulnerabilities Found in Red Lion HMI Software
2019-09-09 12:04

Researchers have discovered several vulnerabilities, including ones that have been classified as serious, in a human-machine interface (HMI) programming software made by U.S.-based Red Lion.