all InfoSec news
Insecure by Design in the Backbone of Critical Infrastructure. (arXiv:2303.12340v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
We inspected 45 actively deployed Operational Technology (OT) product
families from ten major vendors and found that every system suffers from at
least one trivial vulnerability. We reported a total of 53 weaknesses, stemming
from insecure by design practices or basic security design failures. They
enable attackers to take a device offline, manipulate its operational
parameters, and execute arbitrary code without any constraint. We discuss why
vulnerable products are often security certified and appear to be more secure
than they …
attackers basic code critical critical infrastructure design device discuss enable infrastructure insecure insecure by design major operational operational technology practices product products security system technology vendors vulnerability vulnerable