CRITIFENCE Technologies News
5 articlesClearEnergy Ransomware Targets Critical Infrastructure, SCADA and Industrial Control Systems
growth-negative
Security Firm Discloses Unpatched Flaws in Schneider HMI Product SecurityWeek.Com
A cybersecurity startup has disclosed two unpatched denial-of-service vulnerabilities affecting Schneider Electrics Magelis HMI panels. The vulnerabilities, known as PanelShock, allow attackers to cause the devices to enter a DoS condition by sending specially crafted HTTP requests. Schneider Electric has classified the flaws as high severity and has provided recommendations on how to mitigate possible attacks. The company has yet to release patches, but a new version of the Vijeo Designer software without these vulnerabilities will be released in March 2017. Last week, researchers also found serious vulnerabilities in Schneiders Unity Pro software platform and its ConneXium industrial firewalls.
CustomersPartners
growth-negative
Cyber-flaws in Schneider HMIs could allow attacks - Drives and Controls Magazine
Cyber-security researchers have found vulnerabilities in Schneider Electric’s Magelis HMIs that could allow attackers to freeze the panels remotely and prevent them from communicating with PLCs and other devices, potentially affecting the operation of industrial plants. The vulnerabilities, named PanelShock, were identified in April 2016 and Schneider Electric has been working to mitigate and remediate the problem. Schneider has issued a security bulletin and is offering users advice on mitigations to minimize the risks. Owners of affected panels will be able to upgrade their software in March 2017 to a new version that will be immune from the vulnerabilities.
Customers
growth-negative
Freeze ...SCADA! Flaw lets hackers peel away Human Machine Interface
Security researchers have discovered a serious vulnerability in industrial control kit from Schneider Electric. The flaw, dubbed PanelShock, affects all the Magelis HMI series and can cause the system to crash. The vulnerabilities were discovered by researchers from Check Point and cybersecurity startup Critifence. Schneider Electric has confirmed the potential DDoS risk and has issued an advisory to customers offering mitigation advice. A more comprehensive fix is not due until March 2017.
Customers
growth-negative
PanelShock 0-day flaw puts thousands Schneider Electric products at risk
Security researchers have discovered major cyber security vulnerabilities affecting Schneider Electric, one of the worlds largest manufacturers of SCADA and Industrial Control Systems. The vulnerabilities, known as PanelShock, allow attackers to remotely freeze and disconnect HMI panel devices from the SCADA network. This can lead to wrong actions being performed by operators and potential damage to factory or plant operations. Schneider Electrics Magelis Advanced HMI Panel series is affected by the vulnerabilities. The company has confirmed the vulnerabilities and is working on a software update. The disclosure of the vulnerabilities has a negative impact on the companys growth.
Customers