Today the DHS ICS-CERT published a control system security advisory for the Honeywell Process Knowledge System (PKS). They also issued a warning about the potential for distributed denial-of-service (DDOS) attacks on internet-facing industrial control system products.
This advisory describes an improper input validation vulnerability in the Honeywell Experion Process Knowledge System (PKS) platform. This is apparently a self-reported vulnerability. Honeywell has produced patches to mitigate the vulnerability.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to prevent the Experion PKS client tools from uploading firmware to Series-C devices.
ICS DDOS Warning
ICS-CERT posted a very short and very generic warning about the potential for DDOS attacks on internet-facing control systems or components thereof. This is based upon the US-CERT report about recent very large DDOS attacks. No information is provided that indicates a specific threat against ICS.
ICSJWG Spring Meeting
ICS-CERT recently published a notice concerning the dates of the 2017 Spring meeting of the ICSJWG, to be held in Minneapolis, MN, April 11th through 13th, 2017.