Industrial Control Systems at risk

Industrial Control Systems at risk
Industrial Control Systems at risk from new Remote Desktop Services vulnerability

Today Microsoft took the unusual step of releasing security updates for Windows XP, Windows 7 as well as Windows Server 2003 and 2008 to address a serious security issue with Remote Desktop Services.  This vulnerability can be executed remotely and with no user interaction.  The advice from Microsoft is:

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows"

In 2017, a very similar vulnerability was exploited by the WannaCry worm which infected hundreds of thousands of machines shutting down several hospitals in the UK as well as Telefonica and other high profile companies.

Industrial Control Systems are particularly vulnerable to these threats because they often have remote desktop services enabled, are often running obsolete versions of windows, may not have regular backups taken and are not regularly patched because in a lot of cases they don't have direct internet access.  Some people believe that because a server or PC is not directly connected to the internet, that it is not at risk, however worms like WannaCry are able to quickly jump from machine to machine inside networks, so all it takes is for a user somewhere on the network to be infected and your plant floor systems can be taken down.

If you are concerned about the risk to your business please contact Crossmuller for a no obligation assessment of your control system and automation infrastructure.

You might also like these articles

Citect to Wonderware Migration
Citect to Wonderware Migration
3 minute read
A leading Australian Food and Beverage company approached Crossmuller to upgrade an Allen-Bradley PLC5 control system and partner stand-alone CITECT SCADA system which included rudimentary recipe mana...
Solved: PLC with High Speed, High Volume Data Tracking
Solved: PLC with High Speed, High Volume Data Tracking
6 minute read
How do we generate, track and add value to process and product data at very high speeds in a PLC?
Crossmuller Successfully Delivers Another Team-Based Project
Crossmuller Successfully Delivers Another Team-Based Project
3 minute read
For this project, teamwork with tight cohesion amongst team-members and working in partnership with the customer commissioning teams was a very rewarding experience.