Cybersecurity

The NCCIC has released an advisory on an improper input validation vulnerability in ABB Panel Builder 800. All versions of this product are affected. An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file.

On July 13, 2018, U.S. Director of National Intelligence Dan Coats stated that the U.S.’s digital infrastructure is under constant attack from foreign entities including China, Iran and North Korea, but he singled out Russia as the “most aggressive” one, highlighting the country’s reported efforts to use hacking and information campaigns to influence U.S. elections. But Coats also warned against having tunnel vision focused on the elections, noting that foreign actors continually target other aspects of U.S. critical infrastructure.

ICS cybersecurity firm Dragos offers notes to consider regarding last weeks’ report of the Ukrainian chlorine facility incident (reported by WaterISAC on Thursday, July 12), most notably on-going questions regarding the role VPNFilter malware, as reported, played in the event.

Automation.com recently reached out to Eaton on the status of a strategic partnership they entered with Underwriters Laboratories (UL) in February 2018, to advance cybersecurity for power management technologies, and help establish measurable cybersecurity standards for network-connected power management products and systems. The first fruits of their labor include a research and testing facility where Eaton’s products are tested in a specialized lab for compliance with industry cybersecurity requirements before they are installed in critical systems.