Industrial IoT (ICS) Vendors Release Alerts in Light of INFRA:HALT Bugs

The Infra:Halt bugs, which affects up to 200 vendors of industrial control system technology, is a family of 14 bugs which allow compromise of the affected systems.

The majority of the bugs are rated high or critical and could allow for remote code execution, stealing information and other attacks.

This includes, potentially, crashing the vulnerable devices and disrupting the factory, warehouse, refinery or other system using the vulnerable software.

The company who owns the vulnerable software learned about the bugs last year and released patches in May. A year has passed since they were notified with nothing being patched yet.

Remember, owners of these types of devices rarely patch and when they do, it takes them a long time, so these attacks will be possible for years.

Schneider Electric, Siemens, Rockwell and Phoenix Contact have all released alerts. Each vendor has different bugs and a different timeline for fixing the bugs and different ways to reduce the risk until fixes are released and installed. See the article in Security Week for more details or contact the manufacturer.

Note that while the focus is on places like factories and refineries and places like that, the bugs affect around 200 vendors, so a lot more than just that.