In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial...

Exploitation of vulnerabilities in Emerson AMS Device Manager, an industrial asset control system, could allow arbitrary code execution and malware injection

Multiple vulnerabilities affect the Alpha5 Smart Loader servo system, FRENIC Loader software, and FRENIC-Ace, FRENIC-Mini, FRENIC-Eco, FRENIC-Multi, and FRENIC-MEGA inverters

Vulnerabilities in the web interface of EMG12 Ethernet Modbus Gateway devices could allow unauthorized access to the devices and the ability to change device configuration

On September 26 – 27, 2018 Kaspersky Lab ICS CERT and Fraunhofer IOSB conducted their first “Advanced Industrial Cybersecurity in Practice” joint training course

On October 16, Kaspersky Lab and Fraunhofer IOSB are hosting a joint webinar to highlight the importance of ICS cybersecurity education and present a new ICS cybersecurity training course

Experts point to the similarities between the new malware and BlackEnergy, and a possible connection of the attacks with the TeleBots criminal group

The attackers attempted to infect computers with MartyMcFly remote access Trojan using phishing emails with malicious attachments

Kaspersky Lab is launching the fourth international industrial Capture the Flag (CTF) security competition and inviting ethical hackers (whitehats) from across the world to test the security of...

Vulnerabilities identified in Advantech WebAccess include buffer overflow, path traversal, improper privilege management, etc.

The vulnerabilities affect InduSoft Web Studio and InTouch Edge HMI and could allow remote execution of arbitrary code

Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials to bypass authentication, and to access critical information

The vulnerability affects the Schneider Electric Software Update (SESU) tool, which is used to notify users when updated Schneider Electric software is available

The most dangerous of the vulnerabilities affect the SIMATIC S7-400 CPU family and the SIMATIC IT Production Suite software package. The vulnerabilities have been fixed for most of the affected products

The most serious of the vulnerabilities could allow arbitrary files to be downloaded from the device

In October 2018, Vyacheslav Kopeytsev, Security Researcher, Critical Infrastructure Threat Analysis, spoke at MALCON 2018, the 13th IEEE International Conference on Malicious and Unwanted...

A critical vulnerability in Modicon M221 PLC could allow attackers to intercept traffic by remotely changing IPv4 parameters

Kaspersky Lab ICS CERT is conducting a practical course in IoT vulnerability research. This class provides a deep dive into hardware analysis, firmware extraction and analysis, vulnerability...

The online qualifications round for Kaspersky Industrial CTF 2018 took place on November 23-24. Over 1,000 teams registered with 130 eventually scoring points. The top 4 teams will participate in...

Another two-day course “Advanced Industrial Cybersecurity in Practice” was held in Germany. The course included theoretical sections followed by live demonstrations and exercises. An international...

LibVNCServer before a 0.9.12 release contains a heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution.

Neither communication encryption nor user authentication is activated by default, but must be activated by the user.

CODESYS routing protocol may disguise the source of crafted communication packets.

CODESYS communication servers use insufficiently random values.

Critical and severe vulnerabilities have been identified in GP-Pro EX programming environment, Zelio Soft software and IIoT Monitor platform

Factors that have a significant effect, now and going forward, on the threat landscape, on the development, implementation, and use of organizational and technical measures to protect industrial...

UltraVNC before 1.2.2.4 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial-of-service (DoS) condition of VNC client.

UltraVNC before 1.2.2.4 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution.

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result code execution. This...

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result...