Icefall: 56 flaws impact thousands of exposed industrial devices


Level 37
Thread author
Top poster
Feb 4, 2016
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments.

The Icefall collection has been discovered by security researchers at Forescout's Vedere Labs and it impacts devices from ten vendors. The type of security flaws included allow remote code execution, compromising credentials, firmware and configuration changes, authentication bypass, and logic manipulation.

Affected vendors count Honeywell, Motorola, Omron, Siemens, Emerson, JTEKT, Bentley Nevada, Phoenix Contract, ProConOS, and Yokogawa. They have been notified in a responsible disclosure coordinated by Phoenix Contact, CERT VDE, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Over the past few years, the type of systems impacted by Icefall has become a more frequent target of specialized malware Industroyer 2 and CaddyWiper, both deployed not to long ago by Russian hackers against Ukrainian power plants.

Overview of vulnerabilities​

The flaws discovered by Vedere Labs concern primarily credential security, firmware manipulation, and remote code execution, while manipulating configuration and creating a denial-of-service (DoS) state account for a lower number.