Insecure by Design in the Backbone of Critical Infrastructure. (arXiv:2303.12340v1 [cs.CR])

We inspected 45 actively deployed Operational Technology (OT) product
families from ten major vendors and found that every system suffers from at
least one trivial vulnerability. We reported a total of 53 weaknesses, stemming
from insecure by design practices or basic security design failures. They
enable attackers to take a device offline, manipulate its operational
parameters, and execute arbitrary code without any constraint. We discuss why
vulnerable products are often security certified and appear to be more secure
than they …

attackers basic code critical critical infrastructure design device discuss enable infrastructure insecure insecure by design major operational operational technology practices product products security system technology vendors vulnerability vulnerable