Select Page

Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric.

The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors.

“OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to secure design, patching and testing in OT device vendors,” the company said in a report shared with The Hacker News.

The most severe of the flaws is CVE-2022-46680 (CVSS score: 8.8), which concerns the plaintext transmission of credentials in the ION/TCP protocol used by power meters from Schneider Electric.

images from Hacker News