Security News

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. The software "Exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said.

Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency mining. Thus, industrial engineers who can't access PLC programming software or an HMI because they don't know the right password occasionally turn to the internet to find a tool to help them crack it.

A cybersecurity researcher who specializes in industrial control systems has identified three types of critical vulnerabilities in products made by human-machine interface manufacturer Weintek. The vulnerabilities can be exploited by a remote, unauthenticated attacker for code execution with root privileges, to remotely access sensitive information and conduct actions on behalf of an admin, and to execute malicious JavaScript code via a stored XSS flaw.

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor's guidelines for security best practices.

Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital's CIMPLICITY, one of the most commonly used HMI/SCADA systems. Over the past several months, Otorio's researchers worked closely with GE Digital engineers to deliver a first of its kind open-source tool designed to identify GE CIMPLICITY misconfigurations.

Siemens has released patches for some of its SIMATIC human-machine interface panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device. SIMATIC HMI panels are designed for operator control and the monitoring of machines and plants.

The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities. The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company's controllers and human-machine interface panels to remote attacks. He says, attacks exploiting these vulnerabilities can be launched directly from the internet.

Researchers have discovered several vulnerabilities, including ones that have been classified as serious, in a human-machine interface (HMI) programming software made by U.S.-based Red Lion. read more

Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be...