There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider products, including the Unity Pro development software, the[…]
Browsing Category: Critical Infrastructure
Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.
Siemens has patched a web vulnerability in its SIMATIC PLC family of products that could have led unsuspecting users to malicious sites
Researchers at Kaspersky Lab today released a detailed analysis of two modules belonging to the Regin malware platform, one for lateral movement, the other a backdoor.
Two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device’s FTP server and configuration file.
An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink[…]
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by[…]
The Industrial Control System CERT released two advisories warning of serious vulnerabilities in Schneider Electric and Emerson industrial gear. Public exploits are available for one flaw.
President Obama signed an Executive Order sanctioning three North Korea defense agencies and 10 individuals for the country’s alleged role in the Sony hack.