June 20, 2023Ravi Lakshmananoperational technology

Three security vulnerabilities have been identified in operational technology (OT) products from Wago and Schneider Electric.

According to Forescout, these defects are part of a broader set of defects collectively referred to as “defects.” OT: Icefallcurrently comprising a total of 61 issues across 13 different vendors.

“OT:ICEFALL demonstrates the need for greater oversight and improvement of processes related to secure design, patching and testing at OT device vendors,” the company said. Said In a report shared with The Hacker News.

The most serious of the flaws are CVE-2022-46680 (CVSS score: 8.8). This is about cleartext transmission of credentials in his ION/TCP protocol used in Schneider Electric’s electricity meters.

cyber security

Successful exploitation of this bug could allow an attacker to gain control of a vulnerable device. It is worth noting that CVE-2022-46680 is one of his 56 flaws that were first discovered by his Forescout in June 2022.

operational technology

Two other new security holes (CVE-2023-1619 and CVE-2023-1620CVSS score: 4.9) is related to a denial of service (DoS) bug affecting WAGO 750 controllers, in which an authenticated attacker can send certain malformed packets or specific requests after logging out to May activate this bug.

In conclusion of the OT:ICEFALL study, Forescout found that vendors still lack a basic understanding of secure-by-design practices, release incomplete patches, and fail to implement proper security testing procedures. pointing out that there is no

“This is alarming because as OT products begin to implement security controls and eventually gain certification, their perception of their security posture changes and the urgency to compensate for controls decreases. , because it can lead to a false sense of security,” the company said.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog