A recent batch of vulnerabilities in Honeywell building automation system software epitomize the linger security issues around SCADA and industrial control systems.

A series of remotely exploitable vulnerabilities – including clear text passwords – exist in a set of Honeywell SCADA systems.

ICS-CERT warns of default credentials in Schneider Electric Wonderware Historian that can be abused to compromise Historian databases.

Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack.

Schneider Electric has recommended a number of mitigations to ward off two critical vulnerabilities in its Magelis HMI products.

Researchers find a vulnerability in industrial control system manufacturer Schneider Electric’s flagship software for managing and programing industrial controls.

The head of an international nuclear energy consortium said this week that a cyber attack caused a ‘disruption’ at a nuclear power plant in the last several years.

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs). PLC-Blaster was designed to target Siemens SIMATIC...

An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy, and a smart building in Israel hosting luxury apartments. The investigation, conducted by researchers at Internet Wache of Berlin, started in the fall of 2015 as a search for...

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week. ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions. Siemens, the German...