Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

    justmattgBy justmattgJune 20, 2023No Comments2 Mins Read

    [ad_1]

    Jun 20, 2023Ravie LakshmananOperational Technology

    Operational Technology

    Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric.

    The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors.

    “OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to secure design, patching and testing in OT device vendors,” the company said in a report shared with The Hacker News.

    The most severe of the flaws is CVE-2022-46680 (CVSS score: 8.8), which concerns the plaintext transmission of credentials in the ION/TCP protocol used by power meters from Schneider Electric.

    Cybersecurity

    Successful exploitation of the bug could enable threat actors to gain control of vulnerable devices. It’s worth noting that CVE-2022-46680 is one among the 56 flaws originally unearthed by Forescout in June 2022.

    Operational Technology

    The other two new security holes (CVE-2023-1619 and CVE-2023-1620, CVSS scores: 4.9) relate to denial-of-service (DoS) bugs impacting WAGO 750 controllers that could be activated by an authenticated attacker by sending specific malformed packets or specific requests after being logged out.

    In concluding the OT:ICEFALL research, Forescout notes that vendors still lack a fundamental understanding of secure-by-design practices and that they release incomplete patches and fail to implement appropriate security testing procedures.

    “This is worrying because as OT products start implementing security controls and end up getting certified, the perception of their security posture might change and the sense of urgency around compensating controls might drop – leading to a false sense of security,” the company said.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleWhat You Need to Know
    Next Article New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑