Items Tagged with "ICS"


296634767383f056e82787fcb3b94864

An Open Source Methodology to Attack Critical Infrastructure

March 20, 2012 Added by:Jeffrey Carr

Attackers with moderate skills can cause disruption to outright destruction of critical infrastructure at low cost and in short order. Contrary to popular wisdom, an attack against a nuclear power or hydro-electric plant doesn't require the resources of a nation state...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

Does DoE Know the Difference Between IT and Control Systems?

March 20, 2012 Added by:Joe Weiss

In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Windows Remote Desktop Protocol Vulnerability

March 20, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a Remote Desktop Protocol (RDP) vulnerability, which with successful exploitation in the control systems environment could lead to system processes freezing and potentially allow remote code execution...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Proficy Historian Data Advisory

March 15, 2012 Added by:Infosec Island Admin

ICS-CERT received a report from GE Intelligent Platforms concerning a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver could allow an attacker to cause the service to crash, and may lead to arbitrary code execution...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Proficy Plant Vulnerability

March 14, 2012 Added by:Infosec Island Admin

ICS-CERT received a report concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications which could allow an attacker to cause multiple Proficy services to crash, which may lead to arbitrary code execution...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Directory Traversal Vulnerability

March 13, 2012 Added by:Infosec Island Admin

ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning a directory traversal vulnerability in the GE Intelligent Platforms which could allow an attacker to create or overwrite a file on systems running the Real-Time Information Portal...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT Monthly Monitor Report for February 2012

March 12, 2012

In January, ICS-CERT identified and responded to a cyber intrusion into a building Energy Management System used to control heating and cooling for a state government facility. The incident was identified by ICS-CERT after correlating information posted in open sources...

Comments  (0)

A966b1b38ca147f3e9a60890030926c9

Shining LIGHTS on ICS Cybersecurity

March 11, 2012 Added by:Chris Blask

The LIGHTS program was created as a means of addressing security for the large number of small utilities operations. LIGHTS is a non-profit program run under Energysec that sets a consistent open-source-baseline approach to securing smaller critical industrial control facilities...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Solar Flare Disruption Advisory

March 09, 2012 Added by:Infosec Island Admin

The resulting geomagnetic storms can cause aurora at low latitudes and disrupt satellite and high frequency radio communication, GPS, and power grids. ICS-CERT requests that any issues affecting control systems in critical infrastructure environments be reported...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: xArrow SCADA HMI Multiple Vulnerabilities

March 07, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report detailing multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting xArrow, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product that are are remotely exploitable...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Robot Communication Runtime Buffer Overflow

March 05, 2012 Added by:Infosec Island Admin

A buffer overflow vulnerability in the Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers could allow an attacker to cause a denial of service and potentially execute remote code with administrator privileges...

Comments  (0)

Bbb285308604bc5fbb9b43590d0501f6

BSidesSF: Amol Sarwate on SCADA Security Challenges

February 27, 2012

Amol Sarwate examined how SCADA security and advance persistent threats have now taken center stage. While the industry has some success in dealing with IT security, when it comes to industrial control systems or SCADA systems, it still has enormous challenges...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

Is ICS-CERT Focused on the Right Issues?

February 21, 2012 Added by:Joe Weiss

Analysis of the incident database shows the most significant events from an impact perspective were control system related - yet they represent only 24 of the 203 advisories ICS-CERT put out in the last year. It appears ICS-CERT is focusing on the less important issues...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7Technologies TERMIS DLL Hijacking

February 21, 2012 Added by:Infosec Island Admin

The 7T TERMIS software is vulnerable to DLL Hijacking. An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. This vulnerability may allow execution of arbitrary code and may be exploitable from a remote machine...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7T AQUIS DLL Hijacking Vulnerability

February 20, 2012 Added by:Infosec Island Admin

An uncontrolled search path element vulnerability, commonly referred to as DLL Hijacking, in the 7-Technologies (7T) AQUIS software could lead to arbitrary code execution with successful exploit...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »