Cybersecurity Alert: Emerson and Fanuc Devices Vulnerable to OT:ICEFALL Exploits
CISA’s new advisory on the “OT:ICEFALL” report reveals vulnerabilities in Emerson’s PACSystem and Fanuc devices. Issues include cleartext transmission of sensitive info and unverified data authenticity. Mitigations are suggested. Beware: your industrial control systems might need a cybersecurity makeover!
Hot Take:
Looks like Emerson’s PACSystem has decided to compete in the “Most Glaring Vulnerabilities” Olympics. And it’s coming in strong with a multi-event performance involving cleartext credentials and firmware free-for-alls. Bravo, truly a gold medal-worthy performance in the field of ‘Oops, we did it again!’ cybersecurity gaffes.
Key Points:
- Emerson’s PACSystem has several vulnerabilities, including cleartext transmission of credentials and insufficient verification of data authenticity.
- Exploits could lead to remote code execution, loss of sensitive information, or denial-of-service conditions.
- Vulnerabilities affect multiple versions of PACSystem products and Fanuc VersaMax.
- Mitigations include enabling secure protocols, limiting network exposure, and employing physical security measures.
- No known public exploitation has been reported to CISA at this time.
Already a member? Log in here