
The Cyber Security News


Researchers Reveal 56 OT Bugs in “Icefall” Report

June 21, 2022

Security researchers have disclosed 56 new vulnerabilities in 10 operational technology (OT) vendors’ products that they say show significant “insecure-by-design” practices.

Forescout issued the OT:Icefall report today, revealing the affected manufacturers as Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens and Yokogawa.

It said the vulnerabilities themselves broadly fit into four categories:

  • Insecure engineering protocols
  • Weak cryptography or broken authentication schemes
  • Insecure firmware updates
  • Remote code execution (RCE) via native functionality

The most common vulnerability type allows attackers to compromise credentials (38%). Next come firmware manipulation (21%), RCE (14%) and configuration manipulation (8%). A small number of DoS, authentication bypass, file manipulation and logic manipulation bugs are also listed.

“With OT:ICEFALL, we needed to disclose and supply a quantitative overview of OT insecure-by-design vulnerabilities rather than depend on the periodic bursts of CVEs for a single product or a small set of public real-world incidents that are generally brushed off as a specific vendor or asset operator being at fault,” Forescout stated in a blog post.

“These issues range from persistent insecure-by-design practices in security-certified products to subpar attempts to move away from them. The objective is to illustrate how the opaque and proprietary nature of these systems, the suboptimal vulnerability management surrounding them, and the often-false sense of security supplied by certifications considerably complicate OT risk management efforts.”

Forescout revealed that 74% of the product families affected by OT:Icefall have some form of security certification and argued that most of the issues it uncovered should have been found relatively quickly and easily if manufacturers had performed in-depth vulnerability discovery.

The security vendor added that opacity in the industry is harming efforts to improve the security of OT products. Many insecure-by-design issues are not assigned CVEs, so they often remain “less obvious and actionable,” it argued.

“The speedy growth of the threat landscape is well documented at this stage. By connecting OT to IoT and IT devices, vulnerabilities that once were seen as insignificant due to their lack of connectivity are now significant targets for bad actors,” warned Daniel dos Santos, head of security analysis at Forescout Vedere Labs.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
