Industry Reactions to ‘OT:Icefall’ Vulnerabilities Found in ICS Products

Cybersecurity firm Forescout has disclosed OT:Icefall, a collection of 56 vulnerabilities discovered across the products of ten companies that make operational technology (OT) systems.

Forescout researchers discovered issues related to insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware update mechanisms, and native functionality abuse.

The security holes impact various types of industrial control systems (ICS), including engineering workstations, PLCs, distributed control systems, building controllers, safety instrumented systems, remote terminal units, and SCADA systems. Exploitation of the flaws can lead to remote code execution, DoS attacks, firmware manipulation, compromised credentials, and authentication bypass.

Affected vendors include Baker Hughes (Bently Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. These companies have started sharing mitigations for the vulnerabilities.

Industry professionals have commented on various aspects of the OT:Icefall vulnerabilities and provided recommendations for impacted organizations.

Ron Fabela, Co-founder and CTO, SynSaber:

“While the…
