CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure

submitted by
Style Pass
2022-06-21 23:00:09

Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

Forescout's Vedere Labs said it discovered the bugs in devices built by ten vendors in use across the security company's customer base, and collectively named them OT:ICEFALL. According to the researchers, the vulnerabilities affect at least 324 organizations globally – and in reality this number is probably much larger since Forescout only has visibility into its own customers' OT devices.
