< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 10 of 18

ServiceNow’s $7.75B Armis Buy Signals Platform Shift

🔐 ServiceNow announced a $7.75 billion cash acquisition of cybersecurity vendor Armis, its largest deal to date, aiming to integrate device and asset visibility into its AI-driven workflow platform. Executives say the purchase will create an end-to-end security exposure and operations stack that ties discovery, governance, and remediation across IT, OT, IoT and edge. Analysts welcomed the move but warned it may push organizations from best-of-breed tools toward suite consolidation, and that full integration will take time.
read more →

Romanian National Water Authority Hit by Ransomware

🔒 Romanian Waters (Administrația Națională Apele Române) reported a ransomware incident over the weekend that affected roughly 1,000 computer systems across the national authority and 10 of its 11 regional offices. Investigators said servers running GIS, databases, email, web services, Windows workstations and DNS were impacted, while operational technology and water infrastructure controls remained operational. Authorities reported attackers used the built-in Windows BitLocker feature to lock files and left a ransom note demanding contact within seven days; the investigation is ongoing.
read more →

Siemens Interniche IP-Stack TCP Sequence Vulnerability

⚠️Siemens warns of a TCP sequence validation flaw in the Interniche IP-Stack (CVE-2025-40820) that can allow unauthenticated remote actors to interfere with TCP connection setup and cause denial of service. The defect accepts a broad range of sequence values, permitting precisely timed spoofed packets to disrupt TCP-based services. Siemens has released fixes for many affected SKUs and recommends updating to the published firmware versions; where fixes are not yet available, follow the vendor’s countermeasures and apply network controls to limit exposure.
read more →

Rockwell Micro800 Controllers: IPv6 and CIP DoS Flaws

🔒 CISA warns of two denial-of-service vulnerabilities in Rockwell Automation Micro820, Micro850, and Micro870 controllers (CVE-2025-13823, CVE-2025-13824) that can render devices unresponsive. One flaw is in the IPv6 stack and the other stems from improper handling of malformed CIP packets; both can cause faults that impact availability. Rockwell Automation has released firmware updates (Micro820 L20E V23.011 or later; Micro850/870 V12.013 or later) and advises disabling IPv6 if not required. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using secure remote access methods.
read more →

Advantech WebAccess/SCADA: Multiple Vulnerabilities

🔒 CISA disclosed multiple vulnerabilities in Advantech WebAccess/SCADA affecting version 9.2.1 that could allow an authenticated attacker to read, modify, or delete remote database files. Reported issues include path traversal, unrestricted file upload, absolute path traversal, and SQL injection across several CVEs. Advantech has released WebAccess/SCADA 9.2.2 to address these flaws; operators should prioritize applying the update and hardening network access.
read more →

Schneider Electric: WSUS Vulnerability in Foxboro DCS

⚠️ Schneider Electric warns that a Microsoft WSUS vulnerability (CVE-2025-59287, CWE-502) impacts EcoStruxure™ Foxboro DCS Advisor and may allow remote code execution with system-level privileges (CVSS 3.1 9.8). Microsoft fixes (KB5070882, KB5070884) are available via WSUS and may require a reboot to complete installation. Apply the patches promptly, verify installation with Schneider Electric Global Customer Support, and follow recommended network isolation and access-control measures to reduce exposure.
read more →

Ignition Vulnerability Allows Unnecessary SYSTEM Execution

⚠️ Inductive Automation Ignition contains a Python scripting vulnerability (CVE-2025-13911) that can allow direct SYSTEM-level code execution on Windows hosts running the Ignition Gateway. The issue stems from insufficient controls on which Python libraries and scripts can be imported and executed, and the Ignition service account running with excessive SYSTEM privileges. A malicious project uploaded by an authenticated administrator can execute bind shells or similar payloads with Gateway process privileges. Inductive Automation identifies affected releases as 8.1.x and 8.3.x and provides mitigations on its Trust Portal; CISA rates the flaw CVSS 3.1 6.4 and recommends network segmentation and reduced exposure.
read more →

ICONICS/Mitsubishi Electric Keypad Code Execution Bug

⚠️ CISA reports CVE-2025-11774, a high-severity vulnerability in the software 'keypad' function of ICONICS Suite, GENESIS64, MobileHMI, and MC Works64. An attacker who tampers with the keypad configuration file can trigger execution of arbitrary EXE files when a legitimate user uses the keypad, enabling information disclosure, tampering, deletion, or a denial-of-service. The issue is rated CVSS 3.1 8.2 (CWE-78). Upgrade affected ICONICS products to GENESIS64 v10.97.3 or V11; MC Works64 users should migrate per vendor guidance.
read more →

Mitsubishi GT Designer3 Cleartext Credential Exposure

🔒 Mitsubishi Electric's GT Designer3 (Version1 for GOT2000 and GOT1000) stores project credentials in cleartext (CVE-2025-11009), allowing an attacker with access to a project file to recover plaintext credentials and illegitimately operate affected GOT devices. The issue is classified as Cleartext Storage of Sensitive Information (CWE-312) and has a CVSS v3.1 base score of 5.1 (Medium). Mitsubishi recommends limiting use to trusted LANs, blocking remote logins, using firewalls, VPNs, and antivirus, and avoiding untrusted files or links; CISA advises isolating control networks and minimizing internet exposure.
read more →

Johnson Controls PowerG Vulnerabilities and Mitigations

🔒 CISA warns that multiple vulnerabilities in Johnson Controls PowerG implementations could let attackers read, modify, or replay encrypted wireless traffic. Affected devices include IQPanel 4, legacy IQPanel 2/2+, and IQHub with referenced CVEs CVE-2025-61738, CVE-2025-61739, CVE-2025-26379, and CVE-2025-61740. Vendor fixes (IQPanel 4.6.1, PowerG v53.05+) and secure enrollment practices are recommended, and end-of-life hardware should be replaced.
read more →

Legacy BMS Exposure: Over 1,000 Buildings at Systemic Risk

⚠️ The Black Hat Europe 2025 talk by Gjoko Krstic of Zero Science Lab revealed that a widely deployed building management system, evolved through multiple acquisitions, now exposes over 1,000 buildings on public IPs and contains numerous long-standing vulnerabilities. Many issues trace back to an 18-year-old firmware codebase and to fixes that patched symptoms rather than root causes. The vendor recommends securing the platform behind a VPN; organizations should audit, patch and restrict access immediately.
read more →

Resilience and Security for Water Utilities in 2025

🔒 Modern water and wastewater systems face accelerating cyber threats as utilities adopt remote sensors, cloud telemetry, and integrated SCADA. Critical safeguards—multi-factor authentication, network segmentation, and unified IT/OT visibility—are often missing, increasing risk from nation-state actors and ransomware. Utilities should prioritize comprehensive asset inventories, containment architectures, anomaly detection (e.g., FortiNDR, FortiSIEM), and regularly tested recovery plans to meet rising federal expectations.
read more →

Siemens SALT TLS Certificate Validation Vulnerability

🔒The Siemens SALT SDK used by multiple engineering and simulation products fails to validate server TLS certificates, creating a risk of man-in-the-middle attacks by unauthenticated remote actors. Assigned CVE-2025-40801 with a CVSS v4 base score of 9.2, the issue affects COMOS, NX, Simcenter, Tecnomatix and others. Siemens has published updates for some versions while several products currently have no available fix; affected systems should be isolated, patched where possible, and protected behind properly configured firewalls and secure remote access solutions.
read more →

Siemens IAM Client TLS Certificate Validation Flaw

⚠️ The Siemens IAM client used across several engineering products contains an improper certificate validation flaw (CVE-2025-40800) that can enable unauthenticated remote man-in-the-middle attacks. CISA lists a CVSS v4 score of 9.1, indicating severe impact and remote exploitability, and also reports a CVSS v3.1 score of 7.4. Affected products include COMOS V10.6, NX (pre-2412.8700 / pre-2506.6000), Simcenter 3D, Simcenter Femap, and Solid Edge SE2025/SE2026; Siemens has issued patched versions for most items, though COMOS V10.6 currently has no fix. CISA and Siemens recommend applying available updates, isolating control networks, and minimizing direct internet exposure.
read more →

Siemens ACC-AP Firmware Signature Verification Flaw

🔒 Siemens' Building X - Security Manager Edge Controller (ACC-AP) contains an improper verification of cryptographic signature in its firmware update process that could permit installation of maliciously modified firmware. Tracked as CVE-2022-31807 and affecting all ACC-AP versions, the flaw may be exploited by a local attacker or by an adversary able to intercept firmware transfers. Siemens reports no planned fix for this product; operators should use the ACC Firmware App, validate firmware hashes, restrict controller access, and isolate devices from untrusted networks as compensating controls.
read more →

Siemens SINEMA Remote Connect Server Vulnerabilities

⚠️ Siemens has released a security advisory for SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP4. Two vulnerabilities allow authenticated users with local or network access to read private TLS keys (incorrect permission assignment) and to bypass license enforcement via direct database modification (incorrect authorization). CISA lists CVE-2025-40818 (CVSS 3.3) and CVE-2025-40819 (CVSS 4.3). Apply the vendor update to V3.2 SP4 or later and follow recommended network-hardening measures.
read more →

Siemens Gridscale X Prepay: Authentication and Enumeration

🔒 Siemens Gridscale X Prepay versions prior to 4.2.1 contain two remotely exploitable authentication-related vulnerabilities that present low attack complexity. CVE-2025-40806 enables user enumeration via observable response discrepancies, and CVE-2025-40807 permits capture-replay authentication bypass allowing locked-out users to re-establish sessions. Siemens advises contacting local representatives and following SSA-356310 guidance; CISA recommends isolating devices, minimizing network exposure, and using secure remote access methods such as updated VPNs.
read more →

Pro-Russia Hacktivists Exploit OT Exposures in US Now

🚨 A joint advisory from CISA, the FBI, the NSA and partners warns of a surge in pro‑Russia hacktivist activity exploiting exposed VNC and other internet-facing OT interfaces to breach systems across US water, food production and energy sectors. Low-skilled groups such as CARR, NoName057(16), Z-Pentest and Sector16 employ port scans, brute-force password guessing and simple reconnaissance tools to capture screenshots, alter parameters, disable alarms and force costly manual recoveries.
read more →

Pro-Russia Hacktivists Target Critical Infrastructure

⚠️ This joint advisory from CISA, FBI, NSA, and international partners details opportunistic intrusions by pro‑Russia hacktivist groups—CARR, NoName057(16), Z‑Pentest, and Sector16—against OT/ICS environments. Actors are exploiting internet‑exposed VNC services, using open‑source scanning and brute‑force tools to access HMI devices with default or weak credentials, causing loss of view, configuration changes, and operational downtime. The advisory urges organizations to reduce public exposure, apply network segmentation, enforce strong authentication (MFA where feasible), harden device credentials, and follow secure‑by‑design guidance for OT products.
read more →

CISA, FBI Warn: Protect Critical Infrastructure Now

🚨 CISA, the FBI, NSA, DOE, EPA, DOD’s DC3, and international partners issued a joint advisory alerting operators that pro‑Russia hacktivist groups are conducting opportunistic, low‑sophistication attacks against U.S. and global critical infrastructure. These actors exploit internet‑facing OT components (notably VNC and SCADA) and sometimes combine intrusions with DDoS. The advisory urges immediate mitigations: reduce OT exposure, improve asset management, and enforce robust authentication.
read more →