Impacted industries include manufacturing, nuclear, power generation and more.
Forescout has discovered 56 vulnerabilities, collectively dubbed Icefall. They affect devices from 10 operational technology (OT) vendors, including Honeywell, Ericsson, Motorola and Siemens.
Industries impacted by Icefall include manufacturing, nuclear, power generation and more. Forescout’s Vedere Labs made the discovery.
Vedere Labs divided the Icefall vulnerabilities into four main categories: insecure engineering protocols; weak cryptography or broken authentication schemes; insecure firmware updates; and remote code execution via native functionality.
Daniel dos Santos is head of security research at Vedere Labs.
“The damage is highly dependent on the industry being attacked,” he said. “In the report, we discuss three scenarios: natural gas transport, wind power generation and manufacturing.”
Vedere Labs divided the impact of the Icefall vulnerabilities into three categories, dos Santos said. Those include:
Based on data from customer networks, manufacturing is the most impacted vertical, dos Santos said. This isn’t surprising given the nature of these devices.
“The next most impacted verticals (health care, retail and government) are a bit surprising,” he said. “But that is because they rely heavily on building automation systems for their large facilities. Building automation is an often forgotten type of OT that is present in nearly every organization nowadays.”
Many vendors are moving to more secure designs, dos Santos said. In addition, some of the vendor advisories will recommend either patches or moving to more recent alternatives.
“Nevertheless, both patching and replacing systems are challenging in OT because of the impact they have on running processes,” he said. “Systems often have to be taken offline for patching. Patching often has to wait months for a maintenance window while replacing a system may incur a large engineering effort.”
Vendors have started issuing advisories about the Icefall vulnerabilities in coordination with the Cybersecurity and Infrastructure Security Agency (CISA).
“Each advisory contains the recommended mitigation actions for the affected products,” dos Santos said.
Vedere Labs recommends that organizations …