< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 3 of 18

Student Hacks TETRA System, Stops Taiwan High-Speed Trains

🔴 A 23-year-old university student in Taiwan was arrested after allegedly interfering with the country's TETRA-based communications for the Taiwan High Speed Rail (THSR). Authorities say he used SDR equipment and handheld radios to transmit a high-priority 'General Alarm' on April 5, forcing emergency brakes and halting four trains for 48 minutes. Investigators found decoded radio parameters and an accomplice who supplied critical THSR settings. Equipment including 11 radios, an SDR and a laptop were seized; the suspect faces criminal charges and was released on NT$100,000 bail.
read more →

Hitachi Energy PCM600 Zip-Slip Vulnerability and Guidance

⚠️ Hitachi Energy reported a directory traversal vulnerability (CVE-2018-1002208) affecting PCM600 product lines, including legacy 2.11 and several 3.x releases. The flaw resides in an affected SharpZipLib component (pre-1.0 RC1) and allows crafted ZIP archives to write files outside intended extraction directories, creating an integrity risk. Hitachi Energy recommends migrating to maintained 3.x builds, following vendor guidance and immediate mitigations such as network isolation, removal of default credentials, and secure remote access while awaiting a planned 3.1 SP4 update.
read more →

ABB B&R Runtime ANSL Server DoS: Patch Released Now

⚠ ABB reported a vulnerability in B&R Automation Runtime (ANSL-Server) that can be triggered remotely to cause a denial-of-service on affected nodes. The issue (CVE-2025-11044) is fixed in Automation Runtime 6.5 and R4.93. Apply the vendor patch promptly; interim mitigations include longer cycle times, limiting ANSL connections at the control-network firewall, and load testing before commissioning.
read more →

ABB Automation Studio Certificate Validation Vulnerability

🔒 ABB has released an update for Automation Studio to address an improper certificate validation vulnerability affecting the OPC-UA and ANSL over TLS clients (CVE-2025-11043). An attacker with network access who can intercept or redirect communications could present forged certificates that pass validation, enabling interception or manipulation of data. The issue is fixed in Automation Studio 6.5; users should apply the update promptly and follow recommended network segmentation and secure remote-access practices. CISA rates this flaw as High (CVSS 7.4) and recorded no reports of active exploitation at publication.
read more →

Johnson Controls AC2000 DLL Hijacking Vulnerability

⚠️ Johnson Controls' CEM AC2000 contains a DLL hijacking vulnerability (CVE-2026-21661) affecting versions 12.0, 11.0, and 10.6 that could allow a local, non‑privileged user to escalate privileges on the host. CISA assigns a CVSS v3.1 base score of 8.7 (High). The issue is not remotely exploitable and no public exploitation has been reported. Johnson Controls has released patched updates and recommends upgrading to the specified releases.
read more →

ABB B&R PVI client logs sensitive data vulnerability

🔒 ABB has released an update addressing a logging issue in its B&R PVI client that could expose sensitive information. Affected versions are PVI <6.5.0>; the issue is fixed in PVI 6.5.0 (CVE-2026-0936). The vulnerability can allow an authenticated local attacker to read credentials written to client-side logs, although logging is disabled by default. Customers should apply the update promptly and limit client logging to troubleshooting only.
read more →

Managing OT Risk at Scale: Leadership Over Technical Fixes

🛡️Organizations frequently assume IT security models apply to operational technology, but the article argues that OT demands a different approach because systems have long lifecycles, limited patching, and pervasive third‑party dependencies. The core issue at scale is governance: consistent decision rights, escalation logic and shared accountability across distributed sites. Boards should focus on concrete OT scenarios, clarify whether governance is centralized or federated, and insist on independent assurance rather than tool debates. The piece frames OT resilience as a leadership and governance challenge, not merely a technical one.
read more →

US Agencies Issue Zero Trust Guidance for OT Security

🔒 A joint guide from CISA and federal partners outlines how to adapt zero trust principles to operational technology (OT) environments while preserving safety and uptime. It details practical measures such as passive asset discovery, network segmentation, microsegmentation, identity and access controls tailored to legacy devices, and secure remote access via jump hosts with MFA. The guidance calls out risks from IT/OT convergence, including credential compromise, supply-chain vulnerabilities and malware that can disrupt physical processes. It emphasizes compensating controls where modern security features cannot be deployed, and the need for close IT–OT collaboration and integrated incident response.
read more →

CISA Urges Zero Trust Adoption for Operational Technology

🔒 CISA has instructed owners and operators of operational technology to stop assuming network safety and released joint guidance, Adapting Zero Trust Principles to Operational Technology, to apply Zero Trust to systems supporting power, water, transportation, building automation, and weapons-support infrastructure. The 28-page guide — developed with the Department of War, Department of Energy, FBI, State Department and NIST technical input — emphasizes assuming adversaries are inside, validating access by identity, context, and risk, and tailoring controls to OT constraints like latency and safety.
read more →

Fast16 Malware: State-Sponsored Sabotage Targeting Iran

🔍 Researchers have reverse-engineered a sophisticated malware strain called Fast16, concluding it is almost certainly state-sponsored and likely of US origin. The malware was reportedly deployed against Iranian targets years before Stuxnet, and it propagates automatically across networks while avoiding overt disruption. Instead of crashing systems, Fast16 silently tampers with numerical computations inside specialized simulation and engineering applications, altering results in ways that can turn routine analyses into faulty designs or trigger catastrophic equipment failures.
read more →

Guide to Accelerate Zero Trust for Operational Technology

🔐 CISA and U.S. government partners published Adapting Zero Trust Principles to Operational Technology, a practical guide for OT owners, operators, and Zero Trust practitioners. The guidance explains how to apply Zero Trust in OT environments while minimizing risk to mission-critical systems and accommodating legacy constraints and safety requirements. It highlights establishing zones and conduits, addressing supply chain risks, and implementing robust identity and access management to reduce exposure and strengthen resilience.
read more →

Adapting Zero Trust Principles for Operational Technology

🔒 CISA, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, published joint guidance on applying Zero Trust principles to operational technology. The guidance addresses IT-OT convergence risks, legacy infrastructure limitations, operational and safety constraints, and recommends layered controls such as asset visibility, identity and access management, network segmentation, secure communication protocols, and vulnerability management. It emphasizes continuous validation of access and proactive supply chain risk management to protect critical physical processes.
read more →

Serial-to-Ethernet Converters Riddled with Vulnerabilities

⚠ Forescout's BRIDGE:BREAK study finds serial-to-Ethernet adapters widely shipped with outdated kernels and insecure open-source components, exposing industrial, healthcare, and retail equipment to attack. Researchers report firmware images averaged roughly 80 OSS components and nearly 2,500 known vulnerabilities with public exploits present. Manual analysis uncovered 22 new flaws in Lantronix and Silex devices enabling RCE, authentication bypass, firmware tampering, and device takeover. Vendors released patches; operators should patch, remove internet exposure, enforce strong credentials, segment networks, and monitor for misuse.
read more →

22 BRIDGE:BREAK Flaws in Lantronix and Silex Converters

⚠️ Forescout Research Vedere Labs disclosed 22 vulnerabilities, labeled BRIDGE:BREAK, in popular Lantronix and Silex serial-to-IP converters that bridge legacy serial equipment to IP networks. Researchers located nearly 20,000 exposed devices online and warned that several flaws permit full takeover or tampering with serial traffic. Affected models include Lantronix EDS3000PS/EDS5000 and Silex SD330-AC; vendors have issued firmware updates and advisories. Operators should patch immediately, remove default credentials, segment networks, and avoid exposing these converters to the internet.
read more →

Siemens Industrial Edge Management Authentication Bypass

🔒 Siemens has disclosed an authorization bypass vulnerability in Industrial Edge Management that may allow an unauthenticated remote attacker to circumvent authentication and access connected devices using the product's remote connection feature. Tracked as CVE-2026-33892, the flaw has a CVSS v3.1 base score of 7.1 (High). Siemens released patched versions and urges operators to update immediately and restrict network access to affected systems.
read more →

Hardy Barth Salia EV Charge Controller Vulnerabilities

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file‑upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof‑of‑concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.
read more →

Siemens TPM 2.0 Vulnerability (CVE-2025-2884) Advisory

🔒 The Siemens TPM 2.0 reference implementation contains a vulnerability (CVE-2025-2884) in the CryptHmacSign helper that can perform an out‑of‑bounds read because it does not validate the signature scheme against the signature key algorithm. Successful exploitation could result in information disclosure or denial of service of the TPM. Siemens ProductCERT has published fixes for many affected SIMATIC and IPC models and is preparing additional updates; where fixes are not yet available, CISA and Siemens recommend network isolation and other mitigations.
read more →

Siemens SINEC NMS UMC Authentication Bypass Vulnerability

⚠️ A vulnerability in Siemens SINEC NMS when used with the User Management Component (UMC) allows an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Tracked as CVE-2026-24032 and scored CVSS v3.1 7.3 (High), the flaw stems from insufficient validation of user identity in the UMC. Siemens released an update; operators should upgrade to V4.0 SP3 or later. Limit network exposure, isolate control networks behind firewalls, and follow Siemens' industrial security guidance when applying fixes.
read more →

Silex SD-330AC and AMC Manager: Multiple Critical Flaws

⚠️ Silex Technology released updates addressing multiple serious vulnerabilities in SD-330AC and AMC Manager that could permit remote code execution, denial-of-service, or unauthenticated configuration changes. Affected versions include SD-330AC ≤ 1.42 and AMC Manager ≤ 5.0.2; vendor fixes are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. CISA notes CVSS scores up to 9.8 and recommends applying vendor updates and interim mitigations such as disabling HTTP/HTTPS for impacted functions, setting web-interface passwords, and disabling SNMP.
read more →

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

🔒 Siemens has identified a privilege escalation vulnerability (CVE-2026-27668) in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) that permits authenticated User Administrators to grant themselves access to any device group. The issue affects SAM-P versions prior to V5.8; Siemens has released V5.8 to remediate the flaw and recommends immediate updates. Operators should also minimize network exposure and follow established industrial security guidelines.
read more →