CISA warns of security vulnerabilities in 21 IoT industrial control systems
The US IT security authority CISA has published 21 security alerts on industrial control systems. IT managers should review them.
The top US IT security authority has published 21 security reports on vulnerabilities in industrial control systems (ICS; IoT). These include numerous products from the manufacturers Delta Electronics, Schneider, Siemens and Rockwell Automation.
In its security bulletin, CISA explains that the individual security advisories contain information on security problems, vulnerabilities and exploits "relating to ICS" (Industrial Control Systems). The individual vulnerabilities usually affect a whole range of devices. The severity varies: while some vulnerabilities receive a medium risk rating, many are classified as high risk, and some even as critical.
Industrial control: workarounds
For example, a critical vulnerability in Siemens Sentron 7KM PAC3200 is not slated to receive a security fix; instead, administrators should, for example, set up a PIN to protect against unauthorized operations. The advisories contain further information, state whether updates are planned or available, and address any available workarounds. CISA also provides further information from the manufacturers in the advisories.
The list of products with security vulnerabilities is quite long:
- Siemens SIMATIC S7-1500 and S7-1200 CPUs
- Siemens Simcenter Nastran
- Siemens Teamcenter Visualization and JT2Go
- Siemens SENTRON PAC3200 Devices
- Siemens Questa and ModelSim
- Siemens SINEC Security Monitor
- Siemens JT2Go
- Siemens HiMed Cockpit
- Siemens PSS SINCAL
- Siemens SIMATIC S7-1500 CPUs
- Siemens RUGGEDCOM APE1808
- Siemens Sentron Powercenter 1000
- Siemens Tecnomatix Plant Simulation
- Schneider Electric Zelio Soft 2
- Rockwell Automation DataMosaix Private Cloud
- Rockwell Automation DataMosaix Private Cloud
- Rockwell Automation Verve Asset Manager
- Rockwell Automation Logix Controllers
- Rockwell Automation PowerFlex 6000T
- Rockwell Automation ControlLogix
- Delta Electronics CNCSoft-G2
CISA recommends that users and administrators read the security advisories for industrial control systems and check the technical details and countermeasures.
Vulnerable ICS systems (also known as Internet of Things, IoT) can be used by malicious actors as a gateway or for infiltration. This can enable them to blackmail victims or spy out information. At the end of September, for example, the FBI shut down a huge botnet of home routers, webcams and NAS devices. However, IoT devices other than these can also be used as drones in a botnet.
(dmk)