CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

CISA has released multiple corresponding Industrial Controls Systems Advisories (ICSAs) to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.  

CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.

• ICSA-22-172-02 : JTEKT TOYOPUC
• ICSA-22-172-03 : Phoenix Contact Classic Line Controllers
• ICSA-22-172-04 : Phoenix Contact ProConOS and MULTIPROG
• ICSA-22-172-05 : Phoenix Contact Classic Line Industrial Controllers
• ICSA-22-172-06 : Siemens WinCC OA
• ICSA-22-174-01 : Yokogawa STARDOM
• ICSA-22-179-02 : Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
• ICSA-22-179-04 : Motorola Solutions MOSCAD IP and ACE IP Gateways
• ICSA-22-179-05 : Motorola Solutions MDLC
• ICSA-22-179-06 : Motorola Solutions ACE1000
• ICSA-22-181-03 : Emerson DeltaV Distributed Control System
• ICSA-22-188-02 : Bently Nevada ADAPT 3701/4X Series and 60M100
• ICSA-22-207-02 : Honeywell Safety Manager
• ICSA-22-207-03 : Honeywell Saia Burgess PG5 PCD
• ICSA-22-221-02 : Emerson ControlWave
• ICSA-22-221-03 : Emerson OpenBSI
• ICSA-22-223-04 : Emerson ROC800, ROC800L and DL8000