Exposed Modbus ICS Devices Heighten Risks to Critical Infrastructure

Severity: High (Score: 68.0)

Sources: Securityaffairs.Co, Scworld

Summary

A report reveals that 179 internet-exposed industrial control systems (ICS) using the Modbus protocol are vulnerable across 20 countries, with the majority located in the U.S., Sweden, and Turkey. The Modbus protocol lacks encryption and authentication, making these devices susceptible to unauthorized access and manipulation. Notably, one device is part of a national railway network, while others are linked to power grid infrastructures in both Asia and Europe. Researchers from Comparitech warn that attackers can exploit these vulnerabilities to read and write to holding registers without authentication. The presence of malware targeting ICS, such as Stuxnet and Industroyer, further exacerbates the risk of disruption and sabotage. The findings indicate a significant threat to critical infrastructure entities, necessitating immediate attention from security professionals.

Key Points:

  • 179 Modbus ICS devices exposed across 20 countries, primarily in the U.S.
  • Modbus protocol lacks encryption and authentication, increasing vulnerability.
  • Malware like Stuxnet and Industroyer poses additional risks to critical infrastructure.
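As an added illustration (not from the report or its sources), the following monitoring check parses Modbus/TCP requests and flags holding-register reads and writes that arrive from outside an allowlist, which is the only compensating control available when the protocol itself has no authentication. The allowlisted subnet, the sample frames and the function names are assumptions constructed for this example.

```python
import struct
from ipaddress import ip_address, ip_network

# Function codes that touch holding registers (Modbus Application Protocol spec).
READ_HOLDING = {0x03: "Read Holding Registers"}
WRITE_HOLDING = {
    0x06: "Write Single Register",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}

# Assumption: the only network permitted to speak Modbus to the device.
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]

# Constructed sample requests (MBAP header + PDU), not captured traffic.
SAMPLE_READ = bytes.fromhex("000100000006010300000002")   # FC 0x03, addr 0, qty 2
SAMPLE_WRITE = bytes.fromhex("0002000000060106001000ff")  # FC 0x06, addr 0x10


def parse_request(frame: bytes):
    """Return (unit_id, function_code, first_address) or None if malformed."""
    if len(frame) < 10:  # 7-byte MBAP header + function code + 2-byte address
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id must be 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    function, address = struct.unpack(">BH", frame[7:10])
    return unit, function, address


def classify(src_ip: str, frame: bytes) -> str:
    """Return 'malformed', 'ok', or 'alert-read' / 'alert-write' / 'alert-other'."""
    parsed = parse_request(frame)
    if parsed is None:
        return "malformed"
    _unit, function, _address = parsed
    if any(ip_address(src_ip) in net for net in ALLOWED_SOURCES):
        return "ok"
    # Any Modbus request from an unapproved source is worth an alert;
    # register writes are the highest priority because they change process state.
    if function in WRITE_HOLDING:
        return "alert-write"
    if function in READ_HOLDING:
        return "alert-read"
    return "alert-other"
```
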

Key Entities

  • Malware (attack_type)
  • Sweden (country)
  • Turkey (country)
  • BlackEnergy (malware)
  • Havex (malware)
  • Industroyer (malware)
  • Stuxnet (malware)
  • Triton (malware)
  • Modbus (platform)