We inspected 45 actively deployed Operational Technology (OT) product families from ten major vendors and found that every system suffers from at least one trivial vulnerability. We reported a total of 53 weaknesses, stemming from insecure-by-design practices or basic security design failures. They enable attackers to take a device offline, manipulate its operational parameters, and execute arbitrary code without any constraint. We discuss why vulnerable products are often security-certified and appear to be more secure than they actually are, and we explain complicating factors of OT risk management.