CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

Original release date: June 22, 2022 | Last revised: June 23, 2022

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

CISA has released six corresponding Industrial Controls Systems Advisories (ICSAs) currently to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.

ICSA-22-172-02 : JTEKT TOYOPUC
ICSA-22-172-03 : Phoenix Contact Classic Line Controllers
ICSA-22-172-04 : Phoenix Contact ProConOS and MULTIPROG
ICSA-22-172-05 : Phoenix Contact Classic Line Industrial Controllers
ICSA-22-172-06 : Siemens WinCC OA
ICSA-22-174-01 : Yokogawa STARDOM

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next CISA Adds Eight Known Exploited Vulnerabilities to Catalog   »

Previous « CISA Releases Cloud Security Technical Reference Architecture

This website uses cookies.

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

Recent Posts

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases Five Industrial Control Systems Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Four Industrial Control Systems Advisories