Rapid SCADA Vulnerabilities
A number of critical vulnerabilities in the Rapid SCADA software suite have come to light. Successful exploitation could allow an attacker to effectively take over the system.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
Irish Water Utility Compromise
An attack targeting Unitronics programmable logic controllers (PLCs) left 160 households in rural Ireland without water for 2 days.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
Pennsylvania Water Utility Compromise
A booster station that regulates and monitors water pressure for two towns in Pennsylvania was breached by a state-sponsored threat actor. The utility was alerted to the intrusion and took the affected system offline.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
Permanent Vulnerabilities
Vendor failure and abandoned firmware are becoming more prevalent, leaving permanent vulnerabilities in their wake.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
KNX protocol vulnerability could lock out Building Automation Systems
CISA published details of a KNX protocol vulnerability that could be used to change device passwords, locking devices from legitimate access.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
CODESYS Vulnerabilities affecting wide range of products
Microsoft Threat Intelligence detected a number of vulnerabilities in the CODESYS SDK that affect a large number of products. CODESYS is compatible with 1000 different PLCs from 500 different manufacturers.
The issues, which can result in remote code execution and denial of service, were reported to CODESYS in September 2022, and patches are available. The importance of the vulnerabilities is tempered somewhat because exploitation requires authentication. If an adversary is able to authenticate, other lower-complexity attacks would most likely be in play.
Splice shields vulnerable equipment inside an encrypted overlay network, disrupting the kill-chain for would-be attackers.
Dead Man’s PLC attack
Researchers have described a novel “dead man’s PLC attack” in which the compromise can detect recovery attempts and “lock up” the entire environment.
Splice detects the lateral movement attempts and anomalous inter-PLC communications that are part of the attack design during dwell time, providing advance notice in the early stages of such an attack.
Schneider EcoStruxure, Modicon vulnerabilities
CISA advised that Schneider has released patches for CVE-2022-45788 affecting various models of EcoStruxure Process Expert, EcoStruxure Control Expert, Modicon M580, Modicon Momentum Unity M1E Processor, Modicon M340 CPUs and Modicon MC80 CPUs.
Splice shields vulnerable OT equipment inside an encrypted overlay network.