Cybersecurity

The NCCIC has published an advisory on use of hard-coded credentials vulnerability in ABB CP651 HMI. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node. ABB recommends users apply the BSP update on affected CP600 control panels at their earliest convenience.

The NCCIC has published an advisory on Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, and Untrusted Pointer Dereference vulnerabilities in Advantech WebAccess/SCADA. Versions 8.3.5 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, deletion of files, and remote code execution. Advantech has released Version 8.4.1 of WebAccess/SCADA to address the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The report observes that many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.

According to a new report from cybersecurity company Radware, company executives now recognize cybersecurity as a key business driver as demonstrated by the increasing amount of attention and effort they’re dedicated to the topic. Radware reported that 98 percent of executives claim some management responsibility for cybersecurity, with 72 percent indicating that information security is an agenda item for every board meeting.