Tag: ICS

Siemens Patches Holes In Industrial Control Switch

A security researcher discovered two, serious security holes in a switch by Siemens that could allow an attacker to hijack industrial control system hardware that is heavily used by energy and transportation firms, among others. IOActive, a security consulting firm in Seattle, Washington, said on Thursday that Eireann Leverett, a senior security consultant, discovered two vulnerabilities in Siemens’ SCALANCE X-200 Switches. The vulnerabilities were in a web server component that provided administrators with access to features needed to configure the switches. If exploited, they would have allowed an attacker who had access to the same network as the SCALANCE switch to perform administrative actions on the devices, including updating the switch firmware and hijack active web sessions – all without needing to first log in to the device. SCALANCE is a family of Ethernet switches that connect to industrial control system (ICS) devices including programmable logic controllers (PLCs) and Human […]

Continue Reading

U.S. Cyber Security Framework Is Good News-For Hackers

Ralph Langner, the renowned expert on the security of industrial control- and SCADA systems, warns that the latest draft of the U.S. Government’s Cyber Security Framework (CSF) will do little to make critical infrastructure more resistant to devastating cyber attacks. Writing on his blog, Langner said that a draft of the National Institute of Standards and Technology’s (NIST’s) Preliminary Cybersecurity Framework does little to compel critical infrastructure owners to improve the security of their systems, or guarantee uniform (and robust) cyber security standards in the critical infrastructure space. NIST released the latest draft of the CSF late last month (PDF). But Langner, writing on Wednesday,  likened the framework to a recipe that, if used by three different chefs, produces three totally different dishes…or just a messy kitchen. “A less metaphorical words, a fundamental problem of the CSF is that it is not a method that, if applied properly, would lead to predictable results,” […]

Continue Reading

FBI Issued Alert over July Attack on HVAC System

The FBI issued an alert to businesses in July after unknown attackers breached a computer used to control the heating, ventilation and air conditioning (HVAC) system of a New Jersey company, accessing a graphical user interface for the system, including a floor play layout of the company’s office. The attacks came after an Anonymous affiliated hacker, using the handle @ntisec, published links to vulnerable ICS systems running software from the firm Tridium online. The links included the address of an administrative system that controlled the HVAC system used by US Business 1, a New Jersey company that installs air conditioning systems for other companies, according to a copy of the July, 2012 Situational Information Report (PDF), issued by the Newark Division of the FBI. The alert concerning the February and March, 2012 attack was released by the web site Public Intelligence on Saturday. The FBI did not respond to a request for comment from Security […]

Continue Reading
1 2