Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
High
Analysis Summary
Researchers have found that some controllers are susceptible to a denial-of-service attack caused by a flood of network packets.
Impact
Uncontrolled Resource Consumption
Affected Vendors
Affected Products
Remediation
PHOENIX CONTACT
Phoenix Contact acknowledges this as a “known, won’t fix” issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality.
https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf
ABB
ABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog,
SIEMENS
Siemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs.
WAGO
WAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.
SCHNEIDER ELECTRIC
Fixes are available in the Modicon M221 firmware v1.10.0.0 and the EcoStruxure Machine Expert – Basic v1.0 software (formerly SoMachine Basic) using either of the following options:
https://www.schneider-electric.com/en/download/document/Machine_Expert_Basic