https://community.isc2.org/t5/Threats/Researchers-Uncover-Major-Security-Vulnerabilities-in-Industrial/m-p/74470#M1384 <P>Hi All</P><P>&nbsp;</P><P>Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (<A href="https://en.wikipedia.org/wiki/Manufacturing_Message_Specification" target="_blank" rel="noopener">MMS</A>) protocol that, if successfully exploited, could have severe impacts in industrial environments.</P><P>"The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera Mens said in a new analysis.</P><P>MMS is an <A href="https://sisconet.com/wp-content/uploads/2016/03/mmsovrlg.pdf" target="_blank" rel="noopener">OSI application layer messaging protocol</A> that enables remote control and monitoring of industrial devices by exchanging supervisory control information in an application-agnostic manner.</P><P>Specifically, it allows for communication between intelligent electronic devices (<A href="https://en.wikipedia.org/wiki/Intelligent_electronic_device" target="_blank" rel="noopener">IEDs</A>) and supervisory control and data acquisition (SCADA) systems or programmable logic controllers (PLCs).</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/10/researchers-uncover-major-security.html" target="_blank">https://thehackernews.com/2024/10/researchers-uncover-major-security.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Fri, 11 Oct 2024 05:13:37 GMT Caute_cautim 2024-10-11T05:13:37Z https://community.isc2.org/t5/Threats/Researchers-Uncover-Major-Security-Vulnerabilities-in-Industrial/m-p/74470#M1384 <P>Hi All</P><P>&nbsp;</P><P>Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (<A href="https://en.wikipedia.org/wiki/Manufacturing_Message_Specification" target="_blank" rel="noopener">MMS</A>) protocol that, if successfully exploited, could have severe impacts in industrial environments.</P><P>"The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera Mens said in a new analysis.</P><P>MMS is an <A href="https://sisconet.com/wp-content/uploads/2016/03/mmsovrlg.pdf" target="_blank" rel="noopener">OSI application layer messaging protocol</A> that enables remote control and monitoring of industrial devices by exchanging supervisory control information in an application-agnostic manner.</P><P>Specifically, it allows for communication between intelligent electronic devices (<A href="https://en.wikipedia.org/wiki/Intelligent_electronic_device" target="_blank" rel="noopener">IEDs</A>) and supervisory control and data acquisition (SCADA) systems or programmable logic controllers (PLCs).</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/10/researchers-uncover-major-security.html" target="_blank">https://thehackernews.com/2024/10/researchers-uncover-major-security.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Fri, 11 Oct 2024 05:13:37 GMT https://community.isc2.org/t5/Threats/Researchers-Uncover-Major-Security-Vulnerabilities-in-Industrial/m-p/74470#M1384 Caute_cautim 2024-10-11T05:13:37Z