16 matches found
What Happens When a Nuclear Site Is Hit?
As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf...
Schneider Electric EcoStruxture IT Data Center Expert
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
CVE-2025-24008
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including...
AttentionGuard: Transformer-Based Misbehavior Detection for Secure Vehicular Platoons
Vehicle platooning, with vehicles traveling in close formation coordinated through Vehicle-to-Everything V2X communications, offers significant benefits in fuel efficiency and road utilization. However, it is vulnerable to sophisticated falsification attacks by authenticated insiders that can...
Schneider Electric Trio Q Licensed Data Radio
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric PowerLogic P5
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Traffic Alert and Collision Avoidance System (TCAS) II
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 2. VULNERABILITY SUMMARY By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed...
Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters Cleartext Transmission of Sensitive Information (CVE-2022-46680)
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. This plugin only works with Tenable.ot. Please visit...
From open Guest Wi-Fi to pwning a lift
…or why validating network segregation is critical TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated. A single firewall rule bypassed some well configured VLANs and...
What’s most interesting about the Florida water system hack? That we heard about it at all.
Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this weeks news about a hacker who tried to poison a Florida towns water supply was understandably front-page material. But for security nerds whove been warning about this sort of...
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
Oil-and-Gas APT Pivots to U.S. Power Plants.
A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part...
ICS Attackers Set To Inflict More Damage With Evolving Tactics
Future attacks on industrial control system ICS networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remain...
Baltimore City Shuts Down Most of Its Servers After Ransomware Attack
For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can't access...
Lemur Vehicle Monitors BlueDriver Security Bypass Vulnerability
Lemur Vehicle Monitors BlueDriver is a product that scans aftermarket automotive equipment as well as vehicle performance information through an OBD-II port connected to the Vehicle. Lemur Vehicle Monitors BlueDriver handles Bluetooth connections without requiring a PIN code, allowing a remote...
Expert Advises Caution on SCADA Security Hysteria
TORONTO–The months-long hysteria over Stuxnet and its hyper-sophistication and passel of unknown vulnerabilities has had the effect of creating a secondary wave of panic about the vulnerability of industrial control and SCADA systems. But the concern about spontaneous utility outages and...