Today the DHS ICS-CERT published a control system security
advisory for the Honeywell Process Knowledge System (PKS). They also issued a
warning about the potential for distributed denial of service (DDOS) attacks on
internet facing industrial control system products.
Honeywell Advisory
This advisory
describes an improper input validation vulnerability in the Honeywell Experion
Process Knowledge System (PKS) platform. This is apparently a self-reported
vulnerability. Honeywell has produced patches to mitigate the vulnerability.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability to prevent the Experion PKS client tools
from uploading firmware to Series-C devices.
ICS DDOS Warning
ICS-CERT posted
a very short and very generic warning about the potential for DDOS attacks on
internet facing control systems or components thereof. This is based upon the
US-CERT report
about recent very large DDOS attacks. There is no information provided that
indicates a specific threat against ICS.
ICSJWG Spring Meeting
ICS-CERT recently published a
notice concerning the date of the 2017 Spring meeting of the ICSJWG in
Minneapolis, MN over April 11th thru 13th, 2017.
Posts
No comments:
Post a Comment