ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others

December 11, 2024 at 06:34AM The December 2024 ICS Patch Tuesday featured advisories from CISA and several industrial companies, notably Schneider Electric and Siemens. Significant vulnerabilities were reported, including critical flaws in Modicon controllers and high-severity issues in various products, prompting numerous patches and mitigations for affected systems. Rockwell Automation and Phoenix Contact also released …

Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking

November 25, 2024 at 11:03AM The myPRO system by mySCADA has critical vulnerabilities allowing remote attackers to gain control. Discovered by researcher Michael Heinzl, the flaws include OS command injection and improper authentication. mySCADA has released patches, but the exact number of vulnerable systems remains unclear. CISA reports no known exploitations to date.

### Meeting …

Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation 

November 4, 2024 at 05:07AM Siemens and Rockwell Automation are enhancing cybersecurity for industrial organizations, yet face challenges in encouraging customers to install security systems and upgrade their Industrial Control Systems (ICS).

**Meeting Takeaways:**

1. **Collaboration on Cybersecurity**: Siemens and Rockwell Automation are actively working together to enhance cybersecurity measures in industrial organizations.
2. **Challenges …

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

October 28, 2024 at 07:26AM Operational Technology (OT) security is crucial for marine vessels and port operators, as digitalization leads to new security challenges. SSH’s PrivX OT Edition addresses these issues by providing secure, centralized remote access management for critical systems, enhancing safety, compliance, and operational efficiency while mitigating cyber risks across the maritime industry. …

Honeywell and Google Cloud to Accelerate Auto Operations With AI Agents for the Industrial Sector

October 22, 2024 at 05:23PM Honeywell and Google Cloud announced a collaboration to enhance industrial operations using AI, integrating Honeywell Forge data with Google’s Gemini AI platform. This partnership aims to improve maintenance costs, productivity, and workforce training, with initial solutions set for release in 2025, addressing labor shortages in the industrial sector.

### Key …

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

September 26, 2024 at 11:13AM Cisco Talos disclosed critical and high-severity vulnerabilities in OpenPLC, an open source programmable logic controller designed for industrial automation and research. These can be exploited for DoS attacks and remote code execution using specially crafted EtherNet/IP requests. The vulnerabilities were patched on September 17, and users are advised to update …

SCADA Market Is Set to Reach $18.7B by 2031

September 12, 2024 at 02:35PM The press release highlights that the global SCADA (Supervisory Control and Data Acquisition) market is driven by the adoption of automated technologies, Industry 5.0, and a growing emphasis on industrial automation. Although initial investment requirements and cyberattack risks pose challenges, the market is expected to grow, with networked SCADA systems leading the …

Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution

May 22, 2024 at 07:42AM Claroty disclosed vulnerabilities in Honeywell’s Control Edge Unit Operations Controller found by its researchers. The vulnerabilities in the ControlEdge Virtual UOC industrial automation controller include a critical severity issue allowing arbitrary code execution without authentication, and a medium-severity absolute path traversal issue. Honeywell promptly issued patches and advisories regarding the …

Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products 

March 27, 2024 at 08:48AM Rockwell Automation released three security advisories identifying a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation software. CISA also issued advisories to organizations, warning about these vulnerabilities. The flaws include high-severity code execution vulnerabilities and one security issue without patches. Exploitation requires user interaction. Stephen Ford has …

Rockwell Automation Hires Stephen Ford as Chief Information Security Officer

March 13, 2024 at 12:45PM Stephen Ford has joined Rockwell Automation as VP and Chief Information Security Officer. With prior experience at McKesson Corporation, HP, and academic institutions, Ford holds a bachelor’s degree in computer science, an MBA from Prairie View A&M University, and a master’s degree from Harvard University. He will report to Chris …