Wednesday, May 2, 2018





TECH




Critical Flaw Puts US Industrial Systems At Risk
A critical security flaw in the InduSoft Web Studio and InTouch Machine Edition applications, both of which are made by Schneider Electric and are used in many industries that rely on automated systems, have been discovered by researchers at the Tenable security company. Tenable's researchers said the popularity of Schneider Electric's tools, combined with the severity of the vulnerability, could endanger many U.S. businesses.InduSoft Web Studio and InTouch Machine Edition are used for Supervisory Control and Data Acquisition (SCADA) systems, human-machine interfaces (HMIs), and other automation systems. Tenable said in a blog about its findings that "diverse industries including agriculture, transportation, energy, nuclear power, manufacturing, entertainment, and physical security" rely on SCADA systems and similar infrastructure.These systems' popularity makes them the prime target for hackers. Compromising a country's or business' infrastructure can be just as harmful as a physical attack (if not more so), and cyber attacks are often harder to attribute to any specific group. Tenable's discovery shows that all of the sectors listed above, which range from the U.S. ' food supply to its power grids, could be disrupted by exploiting this vulnerability.Here's how Tenable described the vulnerability's implications in its blog post:

An unauthenticated remote attacker can leverage this attack to execute arbitrary code on vulnerable systems, potentially leading to full compromise of the InduSoft Web Studio or InTouch Machine Edition server machine. A threat actor can use the compromised machine to laterally transfer within the victims network and to perform further attacks. Additionally, connected HMI clients and OT devices can be exposed to attack.

The good news is that Schneider Electric has already updated InduSoft Web Studio and InTouch Machine Edition to address this vulnerability. The bad news is that it's up to each organization to install the newest versions of these applications themselves. Considering how slow this process can be, that means the vulnerability's impact might still be felt long after it was patched out of the affected software.


Nathaniel Mott

at

1 comment:

  1. MUNDO QUATRO RODASMay 2, 2018 at 7:58 AM

    Thanks, Nathaniel for being part of the '' world-phone '' ...

    ReplyDelete

Subscribe to: Post Comments (Atom)

  LEICA Leica Lux Grip helps iPhone photographers craft iconic images The aluminum Leica Lux Grip adds a two-stage mechanical shutter releas...

  • (no title)
    TECH In Memoriam: The Tech That Died in 2018 A bongo enthusiast once said, "time is a flat circle," which is a pretentious...
  • (no title)
      HONOR Model 60 Pro: Sparkling design and camera configuration confirmed by teaser image Honor is not due to unveil the Honor 60 series for...
  • (no title)
      OPPO New and unprecedented model Find X6 will debut with a huge photo sensor Oppo has a strong smartphone lineup lately, offering great fo...