< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 2 of 18

Hitachi Energy ITT600 Explorer DoS Vulnerabilities

🛡️ Hitachi Energy disclosed vulnerabilities in the ITT600 Explorer that can enable Denial of Service (DoS) via crafted IEC61850 messages when IEC61850 server simulation is used. A stack overflow in the libexpat library and uncontrolled recursion/resource allocation issues are identified; affected versions should be updated to 2.1 SP6 HF1 or later and plan for 2.2. CISA republishes the vendor advisory and recommends standard ICS network protections and patching.
read more →

Hitachi Energy MACH HiDraw Heap Overflow Patch

🔒 Hitachi Energy reported a heap-based buffer overflow in MACH HiDraw XML parser where an authenticated local user can trigger memory corruption using a crafted XML file. Successful exploitation may cause application crashes (DoS) or enable arbitrary code execution. A vendor fix is available in version 9.23; contact your local account team for upgrade assistance. CISA recommends network segmentation, firewall controls, and minimizing exposure of control systems to the internet.
read more →

Kaspersky on Safety-Aware Automotive Security

🔒 This article outlines Kaspersky’s approach to securing modern connected and autonomous vehicles, emphasizing the need to combine functional safety with cybersecurity. It highlights standards such as ISO/SAE 21434, UNECE R155/R156, and China’s GB 44495-2024, and explains the role of security gateways and SecOC for CAN bus protection. The piece also discusses distributed IDS monitoring, fleet-wide SIEM integration, and Kaspersky’s KASG and Unified Monitoring and Analysis Platform as implementations.
read more →

CISA and Partners Urge Hardening of ATG Systems

🔒 The Cybersecurity and Infrastructure Security Agency (CISA), alongside multiple federal partners, warns of malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems used across energy, chemical, food and agriculture, and transportation sectors. The advisory outlines observed tactics—such as authentication bypass, command execution, and privilege escalation—and urges owners to remove ATG devices from public internet exposure, apply patches, enforce strong credentials, and monitor device logs. It also lists reporting contacts and mitigation resources.
read more →

ABB Busch‑Welcome Door Opener: Debug Code Risk

🔒 ABB has identified an authentication bypass in specific Busch‑Welcome 2 Wire Door Opener Actuator versions due to active debug code and a compatibility mode enabled by default. Exploitation could allow unauthorized physical access to buildings where the device is installed. ABB provides an on‑site mitigation: toggle the product mode from "Door‑Open" to "Light" and back, then perform a mains power restart to force recalibration. CISA republishes the vendor advisory and recommends network isolation, minimized exposure, and use of secure remote access methods such as updated VPNs while encouraging organizations to follow ICS security best practices.
read more →

VDR G4e Firmware Update Fixes Credential Flaws

🔒 The MacGregor Voyage Data Recorder (VDR) G4e contains multiple credential management vulnerabilities, including default and hard-coded credentials, weak password hashing, and accessible authentication files that can allow an attacker to gain administrator access. Danelec has released firmware V5.250 to address these issues and users are urged to update at the next service attendance rather than waiting for annual maintenance. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using secure remote access methods such as up-to-date VPNs while performing risk assessments prior to deployment of mitigations.
read more →

Eppendorf BioFlo 320 VNC Hard‑coded Password Risk

🔒 The Eppendorf BioFlo 320 is affected by a high‑severity vulnerability (CVSS 9.8) due to a VNC server that uses a hard‑coded password. If remote access is enabled and an attacker knows the device's network address, they can gain full control of the controller interface; VNC traffic is unencrypted. Eppendorf has released Version 5.0 software that removes VNC access and urges users to verify VNC is disabled and restrict configuration changes to Admin and Supervisor roles.
read more →

ABB B&R Automation Runtime SDM Denial of Service

🔒 An Improper Resource Locking vulnerability in the System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network attacker to delete data and cause denial of service. The vendor corrected the issue in Automation Runtime 6.3 and Q4.93 and notes SDM is disabled by default in AR 6. B&R recommends applying updates, restricting SDM access, using TLS/mutual TLS, and limiting webserver access to trusted IPs.
read more →

ABB AC500 V2 Modbus Buffer Over-read Advisory

🛡️ The advisory details a buffer over-read vulnerability in ABB AC500 V2 devices that can cause Modbus server responses to include fragments of earlier telegrams. Affected devices running older firmware may return invalid or appended data when presented with unsupported Modbus function codes. ABB issued a fix in AC500 V2 firmware version 2.5.3 (2016) and later; operators are urged to update and minimize network exposure. CISA republished the vendor advisory to raise visibility and recommends isolating control networks and using secure remote access.
read more →

Why AI Security Strategies Fail at the OT Edge

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.
read more →

Threat-Informed OT Security for Critical Infrastructure

🔒 Operational technology (OT) environments differ fundamentally from IT and demand a threat-informed approach to security that balances safety, uptime, and continuity. Traditional IT controls can disrupt industrial processes, so visibility, asset context, segmentation, and collaboration between IT and OT teams are essential. Fortinet recommends phased, visibility-first segmentation aligned with ISA/IEC 62443, OT-aware policies, passive discovery, and tailored protections such as virtual patching and secure remote access.
read more →

CISA Advisory: Multiple Critical Vulnerabilities in ScadaBR

⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.
read more →

Kieback & Peter DDC Controllers Vulnerable to XSS Alert

⚠️ A cross-site scripting vulnerability (CWE-79, CVSS v3 5.3) affects multiple Kieback & Peter DDC Building Controllers and can enable execution of arbitrary JavaScript in a victim's browser, potentially allowing attacker control of web sessions. Affected models include end-of-maintenance units (DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400) and e-series controllers (DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e). The vendor advises isolating legacy devices, restricting and disabling web access where possible, and updating e-series firmware to the specified versions (e.g., DDC520 -> 1.24.2; DDC4002e/DDC4200e/DDC4400e/DDC4020e/DDC4040e -> 1.23.5) while implementing defense-in-depth controls.
read more →

ABB CoreSense Path Traversal Fixed in New Updates Released

🔒 ABB published updates addressing a path traversal vulnerability (CWE-22, CVSS v3 7.1) affecting CoreSense HM and CoreSense M10. The flaw allowed unauthenticated local users to access restricted directories and could lead to full system compromise and sensitive data exposure. ABB fixed the issue in CoreSense HM v2.3.4 and CoreSense M10 v1.4.1.31 and recommends applying the update promptly. CISA republished the vendor advisory and advises network isolation, strict input validation, and restricting local host access to authorized users.
read more →

PAN-OS Captive Portal Critical RCE Affecting Siemens Devices

⚠️A buffer overflow in the User-ID™ Authentication Portal (Captive Portal) of Palo Alto Networks PAN-OS permits an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens has identified affected Siemens RUGGEDCOM APE1808 devices and is preparing fixes while recommending immediate mitigations. Recommended actions include disabling Response Pages on exposed interfaces, disabling the User-ID Authentication Portal if not required, and restricting portal access to trusted internal IP addresses; contact vendor support for patch information.
read more →

ABB WebPro SNMP Card PowerValue: Multiple Vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in the WebPro SNMP Card PowerValue affecting earlier firmware releases. The flaws include an authentication bypass (the device validates only the first character of session cookies and tokens), insufficient session expiration and uncontrolled resource consumption that can cause DoS and Modbus instability on port 502. ABB issued fixes in v1.1.8.p and recommends contacting ABB Digital Service Support and applying defensive measures from the product manual.
read more →

Fuji Electric Tellus Privilege Escalation Advisory

🔒 CISA published an advisory describing a privilege-escalation vulnerability in Fuji Electric Tellus arising from a kernel driver that grants all users read and write permissions. Successful exploitation could elevate a user to system privileges and may enable temporary denial of service, file opening, or file deletion. The vendor recommends installing Tellus only with administrator privileges; CISA notes the issue is not remotely exploitable and no public exploitation has been reported. CISA advises implementing ICS defensive measures and following established reporting procedures.
read more →

Subnet Solutions PowerSYSTEM Center: Auth and CRLF Flaws

🔒 CISA reports multiple authorization flaws and a CRLF injection affecting Subnet Solutions PowerSYSTEM Center. Authenticated users with limited permissions can expose administrative data via the REST API, delete project groups, or exploit SMTPS notification handling. Subnet Solutions advises upgrading to PSC 2020 Update 29, PSC 2024 Update 2, or the PSC 2026 GA Hotfix and contacting support for assistance.
read more →

ABB AC500 V3 Multiple Vulnerabilities and Fixes Notice

⚠️ABB disclosed multiple vulnerabilities in AC500 V3 PLCs that can bypass user management, expose visualization files, compromise PKI certificates, or cause denial-of-service (CVE-2025-2595, CVE-2025-41659, CVE-2025-41691). The issues stem from forced browsing, a permission flaw in the optional CmpOpenSSL component, and a NULL pointer dereference in CmpDevice. ABB corrected the issues in firmware 3.9.0 via Automation Builder 2.9.0; no workarounds are available and customers should apply the update promptly.
read more →

ABB Automation Builder Gateway insecure default access

⚠️ ABB reported a vulnerability in the Windows Gateway component of Automation Builder that leaves its TCP listener bound to all interfaces by default on port 1217, enabling remote discovery of AC500 PLCs. The gateway may be installed standalone or bundled with other setups such as CODESYS, and unauthenticated actors can scan for PLCs; PLC user management normally prevents control unless disabled. ABB advises restricting access by setting [CmpGwCommDrvTcp] LocalAddress=127.0.0.1 in Gateway.cfg and restarting the gateway, or upgrading to Automation Builder 2.9.0 where the default is local-only.
read more →