author photo
By SecureWorld News Team
Tue | Jun 21, 2022 | 10:58 AM PDT

U.S. CISA and Forescout are warning of serious vulnerabilities discovered in OT (operational technology) systems from 10 global manufacturers, including Honeywell, Siemens, Motorola, and Ericsson.

The Register reports:

Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries.

The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities.

Forescout's Vedere Labs discovered the bugs in devices built by ten vendors in use across the security company's customer base, and collectively named them OT:ICEFALL. According to the researchers, the vulnerabilities affect at least 324 organizations globally – and in reality this number is probably much larger since Forescout only has visibility into its own customers' OT devices.

In addition to the previously named manufacturers, the researchers found flaws in products from Bently Nevada, Emerson, JTEKT, Omron, Phoenix Contact, and Yokogawa.