Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.
Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.
The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructures such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as 'secure by design' or have been certified with OT security standards.
Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains, and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk
Daniel dos Santos, Head of Security Research, Vedere Labs