The Crain/Sistrunk disclosed vulnerabilities from fuzzing of master stations have all been related to DNP3 protocol stacks … until today. ICS-CERT announced the first Modbus protocol stack vulnerability from Project Robus. Welcome to the party Modbus.
We normally don’t bother commenting on ICS-CERT alerts or advisories, but since we broke that rule already … the latest advisory update on an Allen Bradley denial of service vuln is another reminder that vulns and patching matter little in this insecure by design world. Why worry about a vuln that can cause a denial of service when an adversary can send a legitimate EtherNet/IP Stop CPU command?
Siemens and McAfee announced they “are extending their partnership to enhance the security offerings for industrial customers to protect against rapidly evolving global cyber threats.” Hard to tell if this is marketing fodder or more. The ICS vendors are choosing partners to work with for application white listing, security monitoring and other solutions. Symantec and McAfee being the major players along with the newest Lockheed/Industrial Defender combo.
Innominate’s mGuard was one of the first industrial field firewalls. At Hannover Messe this week they announced support for OPC. The “OPC Inspector masters the complex connection tracking of OPC dialogues across their changing ports and connection directions, thus enabling an effective control and filtering of OPC based on the stateful inspection firewall principle”. They sell a virtual machine software version in addition to the physical, industrial rated module.