ICS Summary for Week of February 2nd

Gemalto Licensing Tool Vulnerability It has come to light this week that vulnerabilities have been found in the Gemalto Sentinel LDK licensing solution, which is advertised as an “out-of-the-box Software Protection, Licensing,and Entitlement Management System” by Gemalto. The product uses a USB token to provide Continue Reading

ICS Summary for Week of October 27, 2017

Critical Vulnerabilities Found in SATCOM Systems Researchers at IOActive have found two critical vulnerabilities in the AmosConnect 8 SATCOM systems.  Created by telecommunications company, Inmarsat, the AmosConnect 8 system provides access to e-mail, instant messages, position reporting, crew internet, automatic file transfer, and application integration Continue Reading

ICS Summary for Week of October 20, 2017

SpiderControl MicroBrowser Found Vulnerable ICS-CERT has released an advisory for SpiderControl’s Microbrowser system.  Security researcher, Karn Ganeshen, reported a vulnerability in the Swiss-based company’s touch panel operating system that, if exploited, would allow an attacker to execute arbitrary code on the system (ICS-CERT, 2017).  SpiderControl Continue Reading

ICS Summary for Week of October 12, 2017

JanTek TCP/IP Converter Vunerabilities Found – No Patch Available Security researcher, Karn Ganeshan, found two vulnerabilities in the JTC-200 TCP/IP converters.  The products from Taiwan-based company, JanTek, are primarily used in the Critical Manufacturing sector in Europe and Asia.  The vulnerabilities, if exploited could allow Continue Reading

ICS Summary for Week of October 6, 2017

Siemens Data Manager Found Vulnerable ICS-CERT reported this week that security researcher, Maxim Rupp, found a vulnerability in Siemens’ 7KT PAC1200 data manager.  This vulnerability allowed a remote attacker to bypass authentication and perform high level administration functions on the exploited device.  Siemens has released Continue Reading

ICS Summary for Week of September 22, 2017

SCADA Webserver Found Lacking Proper Authentication A SCADA webserver made by Swiss-based company, iniNet Solutions GmbH, was found to have a critical vulnerability that may allow a malicious attacker to gain access to human-machine interface (HMI) pages without authentication.  The third party software is used Continue Reading

ICS Summary for Week of September 14, 2017

Syringe Infusion Pumps Vulnerable to Remote Attacks ICS-CERT has published an advisory detailing eight vulnerabilities found in Medfusion 4000 Wireless Syringe Infusion Pump manufactured by US-based device maker Smiths Medical.  These systems are meant to deliver accurate small doses of medication to patients in critical Continue Reading

ICS Summary for Week of September 8, 2017

Dragonfly 2.0: Hackers Targeting Western Energy Sector Symantec has released a report detailing the new activities of the Dragonfly (also known as Crouching Yeti and Energetic Bear) hacking group.  This group has been around since at least 2010, but security groups first reported on them Continue Reading