We have one new vendor disclosure this week for products
from HMS. We also have three vendor updates for products from Rockwell and
Schneider (2). We also have news of a possible cyberattack on Softing, a
control system vendor.
NOTE: The BLURtooth vulnerability is a currently unpatched
vulnerability in some implementations of the Bluetooth standard that allows attacker-in-the-middle
exploits. I expect that we will be seeing more vendor communications about this
vulnerability in the coming weeks, especially from medical device manufacturers
where the use of Bluetooth is more common.
Rockwell published an
update for their advisory on OSIsoft PI System vulnerabilities that was originally
published on May 12th, 2020. The new information includes new
version information for vulnerability mitigation.
• Adding remediation for
“EGX150/Link150 Ethernet Gateway”, “Acti9 PowerTag Link / HD”, “Acti9 Smartlink
SI D”, and “Acti9 Smartlink SI B”, and
• Adding PowerLogic EGX100 to
affected products list.
Schneider published an
update for their APC by Schneider Electric Network Management Cards
advisory that was originally
published on June 23rd, 2020 and most recently updated on
September 1st, 2020. The new information includes an updated overview
section, available remediations and affected products tables (some affected
products were moved from the above advisory to this one).
When I checked the Softing
advisory web page today, an interesting popup appeared. It said:
“Softing AG fell victim to targeted
cyber attacks through no fault of its own. Unknown perpetrators have invaded
the internal networks. In order to avoid possible damage to the IT
infrastructure, we have severely restricted the external communication options.
“For urgent inquiries we are still
available to our customers under the following contact details:
“Softing Industrial Automation: +49
A brief Google® search reveals no news items about this
As always with an attack on a control system vendor, we have
to be concerned about the potential product security problems that could arise
from the compromise of the system. Access to product source code could allow
for easier vulnerability detection by the attacker or even possible
modification of that source code to insert vulnerabilities. Access to vendor
web site code could allow for the establishment of drive-by code. None of the above
is a given, but it does provide an area for potential concern, particularly if
the company is not completely forthcoming about the extent of the attack. Hopefully
we are just early in the news cycle on this attack and more information will
become publicly available in the coming days.