Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files.The security holes were discovered by a couple of researchers and their disclosure was coordinated through Trend Micro’s Zero Day Initiative (Z

Several vulnerabilities have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including flaws that researchers claim can be exploited to gain root access to a device and create backdoors.A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial

IT and OT Teams in Critical Infrastructure and Manufacturing Companies Must be Able to Proactively Manage RiskAs IT and security professionals, we know that change is constant. In fact, part of what defines us is our ability to adapt to change and the faster we adapt, the more successful we will be. The change we encountered in 2020 was unprecedented and had

Researchers have discovered vulnerabilities that expose Rockwell Automation’s FactoryTalk Linx and RSLinx Classic products to denial-of-service (DoS) attacks.According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impac

Industrial cybersecurity firm Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO).The cybersecurity veteran took to LinkedIn this week to share the news. “I’m very excited to announce that I’ve joined the Dragos team! I’ve been watching this exciting company for many years, as well as benefitin

Several critical vulnerabilities have been found by researchers in products from PTC-owned industrial automation solutions provider Kepware.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published two advisories describing vulnerabilities identified in Kepware products.One of the advisories covers three flaws discovered by researc

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.A low-level TCP/IP software

German Chancellor Angela Merkel’s Cabinet approved a bill Wednesday that would require companies involved in setting up critical infrastructure such as high-speed 5G networks to guarantee that their equipment can’t be used for sabotage, espionage or terrorism.The bill, which now goes to parliament, seeks to address concerns that vendors such as Chinese tech

Security Teams Need to Able to Identify and Track Threats That Cross the IT/OT BoundaryThe COVID crisis accelerated the convergence of IT and operational technology (OT) networks. Even enterprises in industries that depend on physical processes – such as manufacturing, food and beverage, pharmaceuticals, oil and gas, and electric utilities – enabled at least

A vast majority of operational technology (OT) devices affected by the Urgent/11 vulnerabilities and many devices impacted by the CDPwn flaws remain unpatched, IoT security firm Armis reported on Tuesday.According to the company, 97% of industrial devices affected by the Urgent/11 vulnerabilities have not been patched. As for the CDPwn bugs, 80% of impacted

A potentially serious vulnerability affecting CompactRIO controllers made by NI (National Instruments) could allow hackers to remotely disrupt production processes in an organization, according to researchers.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an ICS-CERT advisory to inform organizations about a high-severity

Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system (ICS) products.Siemens has released six new advisories and updated 18 previous advisories. The new advisories describe vulnerabilities affecting the company’s

Industrial cybersecurity firm Dragos announced on Tuesday that it has raised $110 million in a Series C funding round, which brings the total raised by the company to-date to $158 million.Dragos was founded in May 2016 by Robert M. Lee (CEO), Jon Lavender (CTO) and Justin Cavinee (Chief Data Scientist), former members of the U.S. intelligence community who w

A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system (ICS) at a water facility in Israel.According to industrial cybersecurity firm OTORIO, the hackers accessed a human-machine interface (HMI) system that was directly connected to the internet without any authentication or other type of protection

Vulnerabilities discovered by researchers in Rockwell Automation’s FactoryTalk Linx product can allow attackers to compromise engineering workstations in industrial environments.FactoryTalk Linx, formerly known as RSLinx Enterprise, is a widely used product designed for connecting Allen Bradley programmable logic controllers (PLCs) to Rockwell applications,