Vulnerabilities can lead to a denial-of-service condition and command execution without proper authentication

The vulnerabilities could allow an attacker to read arbitrary files or cause a denial-of-service condition

The CODESYS Control runtime system enables embedded or PC-based devices to be a programmable industrial controller. The CODESYS Control runtime system provides several security features. To limit...

The purpose of the IoT Security Maturity Model (IoT SMM) is to help choose protection measures against cyberthreats that correspond to the company’s actual business needs.

Industrial Internet Consortium will take part in the Kaspersky Industrial Cybersecurity Conference 2019 in Sochi as an Association Partner. Don't miss the IIC delegate's presentation!

Exploitation of the vulnerabilities could lead to remote code execution

Language packs containing malformed filenames lead to a stack buffer overflow. The vulnerability causes an arbitrary code execution. OVAL definition* KLCERT-17-002_OVAL

Malformed ASN1 streams in V2C and similar input files can be used to generate stack buffer overflows. The vulnerability causes an arbitrary code execution. OVAL definition* KLCERT-17-003_OVAL

Kaspersky Lab ICS CERT has identified multiple remote code execution (RCE) and denial of service (DOS) vulnerabilities in hasplms service that is a part of Gemalto’s HASP SRM, Sentinel HASP and...

U.S. Food and Drug Administration (FDA) has announced the recall of 465,000 cardiac pacemakers produced by Abbott for security update installation. The update patches cybersecurity vulnerabilities...

US ICS-СERT has published an advisory on fixes for a vulnerability in Siemens industrial products using the Discovery Service of the OPC UA protocol stack.

Symantec has published a report on new cyberattacks targeting the energy sector in Europe and North America.

Researches from Armis Labs have identified a new attack vector, dubbed BlueBorne, that endangers mobile, desktop and IoT operating systems, including Android, iOS, Windows, and Linux.

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

Arbitrary memory read from controlled memory pointer in Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

Memory corruption in Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.

Remote enabling and disabling administrative interface opens new attack vectors on the remote system with Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

Kaspersky Lab ICS CERT has identified multiple vulnerabilities: denial of service (DOS), NTLM-relay attack, Stack buffer overflow, Remotely enabling web admin interface, Arbitrary memory read and...

Kaspersky Lab has held the Industrial Cybersecurity: Safeguarding Technological Progress conference in Saint Petersburg. The conference was devoted to the most pressing issues associated with...

Kaspersky Lab experts believe that the same threat actor is behind ExPetr and Bad Rabbit

The Reaper IoT botnet includes about 10-20 thousand infected devices, with some of these devices possibly being used by industrial enterprises, hospitals, railway terminals and airports

Schneider Electric has released patches for a vulnerability which affects InduSoft Web Studio and HMI InTouch Machine Edition products

Serious vulnerabilities allowing attackers to execute code remotely and bypass authentication have been identified in Siemens SICAM RTU modules. Disabling the integrated web server is recommended...

Moxa has released updates that close serious flaws in NPort device firmware. Devices of this type were targeted in December 2015 attacks on Ukrainian power companies.

Siemens has announced that some of its industrial solutions are vulnerable to DoS attacks. Vulnerable devices include industrial controllers, field devices and shop floor automation systems.

A new variant of the Mirai malware infects vulnerable ZyXEL devices, making them part of a botnet.

Remote exploitation of discovered vulnerabilities lead to full compromise the system with Saperion webclient.

Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) has identified multiple vulnerabilities in the Saperion Web Client, a web application developed by Kofax.

The Massachusetts Institute of Technology (MIT), in collaboration with Kaspersky Lab, hosted its second annual “Think Security” seminar devoted to protecting industrial automation systems from...

WAGO has closed a critical vulnerability (improper authentication) in its PFC200 Series PLCs.