Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Power plant ICS threatened by an easy remotely exploitable flaw

The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller. Vulnerable SCADA and industrial control systems represent the entry point in critical infrastructure for hacking attacks. In many cases, patch management of these systems is very complex and in some specific scenarios known flaws could not be fixed for various […]

Nova Scotia Power

The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller.

Vulnerable SCADA and industrial control systems represent the entry point in critical infrastructure for hacking attacks. In many cases, patch management of these systems is very complex and in some specific scenarios known flaws could not be fixed for various technical reasons.

Recently and ‘unpatchable’ vulnerabilities have been discovered in an industrial control system (ICS) used in many power plants. The bad news is that the flaw has been publicly disclosed and the exploit code has been already released.

The flaw could be exploited remotely and allow attackers to gain control of the target network, due to the risk related the exploitation the US Computer Emergency Response Team is planning to release a specific alert.

The security researcher Maxim Rupp reported a flaw in the Environmental Systems Corporation 8832 data controller for versions 3.02 and older, it has been coded as CVE-2016-4502 and ranked as a high-severity vulnerability due to the impact on the targeted infrastructure.

“Independent researcher Maxim Rupp has identified data controller vulnerabilities in the Environmental Systems Corporation (ESC) 8832 Data Controller. ESC acknowledged that Balazs Makany reported these vulnerabilities on February 18, 2015. ESC has stated the ESC 8832 Data Controller has no available code space to make any additional security patches; so, a firmware update is not possible.” reads the notice issued by the US-CERT. “ESC has released an advisory that identifies compensating controls to reduce risk of exploitation of the reported vulnerabilities.

ICS ESC 8832 Data Controller

The US-CERT is warning that an attacker with a low skill would be able to exploit these vulnerabilities as demonstrated in the PoC code published by Balazs Makany in the Exploit DataBase.

As explained in the advisory the flaw could not be fixed so organizations using the flawed devices need to substitute it or have to restrict remote access monitoring the attack surface.

Below the mitigation actions suggested by US-CERT:

“ESC’s recommendation for mitigation is to upgrade the device. Alternatively, block Port 80 with a firewall in front of the device. Another alternative is to educate operators and users to not use the web interface for device management, because there are other means to manage the device. A security advisory is available to ESC users on the ESC support web site (login required):”

www.envirosys.com(link is external).

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ICS, SCADA)