Icefall: 56 flaws impact thousands of exposed industrial devices


Feb 4, 2016
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments.

The Icefall collection was discovered by security researchers at Forescout's Vedere Labs and impacts devices from ten vendors. The types of security flaws included allow remote code execution, credential compromise, firmware and configuration changes, authentication bypass, and logic manipulation.

Affected vendors include Honeywell, Motorola, Omron, Siemens, Emerson, JTEKT, Bentley Nevada, Phoenix Contact, ProConOS, and Yokogawa. They have been notified in a responsible disclosure coordinated by Phoenix Contact, CERT VDE, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Over the past few years, the type of systems impacted by Icefall has become a more frequent target of specialized malware such as Industroyer 2 and CaddyWiper, both deployed not too long ago by Russian hackers against Ukrainian power plants.

Overview of vulnerabilities

The flaws discovered by Vedere Labs primarily concern credential security, firmware manipulation, and remote code execution, while configuration manipulation and denial-of-service (DoS) conditions account for a smaller share.
