A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Cisco Patches Six Critical Bugs in UCS Gear and 220 Series Smart Switches (threatpost)
Cisco urged users to patch two vulnerabilities that affect its small business 220 Series Smart switches (CVE-2019-1913 and CVE-2019-1912). Both vulnerabilities are buffer overflows, and an exploit for each is available online.
Researchers Manage to Steal Data from a Private Network by Connecting to the Guest Router (Consumer Affairs)
The study included routers from a variety of popular brands, including Edimax, TP-Link and Linksys. Each router revealed the same thing: because the router ultimately hosts two networks, hackers can use shared channels between them to either steal information or share data between the two networks. Read the full academic paper here.
Researchers Bypassed a Siemens SIMATIC S7 PLC’s Cryptographic Communication (Security Week)
Israeli researchers have reverse-engineered the PLC network communication protocol. The most recent versions of the S7 protocol have cryptographic message integrity checks that should protect communication from malicious tampering. However, researchers managed to develop a rogue engineering workstation that mimicked the TIA Portal (the software the PLC communicates with), allowing it to interact with the PLC. Such a rogue workstation can be set up by an attacker who has access to the targeted organization’s network and the PLC.
Vulnerabilities in Google’s Nest Camera Allow DoS, Remote Code Execution, and More (threatpost)
Cisco Talos researchers find a total of 8 vulnerabilities in the security camera that would let an attacker on the same network hijack the device, force a denial-of-service, or disclose information.
Vulnerabilities Found in Siemens SCALANCE Industrial Switch Devices (SecurityWeek)
The vulnerabilities could be exploited to cause a DoS by repeatedly sending large message packets to the Telnet service. After the crash, the device automatically restarts, disconnecting all connected devices from the network.