GE Historian Software Vulnerabilities Can be Exploited by Hackers

Hackers now have the capability to exploit vulnerabilities in General Electric’s (GE) Historian software. Such vulnerabilities could potentially be utilized for industrial espionage, disruption, or other malicious activities. The GE Historian software is designed to maintain a record of data from industrial control systems (ICS) and analysis of these records. With this capability, hackers can gain access to data from automation systems and control mechanisms. The access can then be exploited in various ways, such as to disrupt service, conduct industrial espionage, or even compromise the ICS. The vulnerability in the GE Historian software was discovered by cybersecurity experts at Positive Technologies. They researchers discovered that the GE Historian has certain algorithms that can be exploited by nefarious actors. If a hacker were to gain access to these algorithms, they could then craft malicious control messages to control any publicly accessible Historian server. By utilizing this vulnerability, the hacker can gain access to industrial secrets, disrupt the service, and even sabotage ICS. The vulnerability in the GE Historian software is a serious problem for many industrial organizations since the software is essential for maintaining records of industrial processes. Oftentimes, the only way for organizations to detect and mitigate such vulnerabilities is through vigilance and effective cybersecurity measures. As such, it is important for organizations to have a comprehensive cybersecurity plan in place, which includes periodic checks for any potential vulnerabilities to the GE Historian software. Additionally, organizations should provide security trainings to their staff and regularly update the software to ensure that the latest security measures are in place. In conclusion, hackers can now exploit the vulnerabilities of the General Electric Historian software for malicious activities, such as industrial espionage and disruption. Organizations should, therefore, take all the necessary measures to ensure that security systems are up to date, and that staff is regularly trained in cybersecurity to minimize the risk of exploitation.

This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000

Cyber News related to GE Historian Software Vulnerabilities Can be Exploited by Hackers

GE Historian Software Vulnerabilities Can be Exploited by Hackers - Hackers now have the capability to exploit vulnerabilities in General Electric’s (GE) Historian software. Such vulnerabilities could potentially be utilized for industrial espionage, disruption, or other malicious activities. The GE Historian ...
1 year ago Securityweek.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com

Rockwell Automation FactoryTalk Historian SE - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. FactoryTalk Historian SE utilizes the AVEVA PI Server, which contains a vulnerability that could allow an ...
6 months ago Cisa.gov

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com

What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
11 months ago Pandasecurity.com

How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com

CVE-2021-27395 - A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All ...
3 years ago

CVE-2017-5155 - An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation ...
5 years ago

newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
5 months ago Securityaffairs.com

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
5 months ago Securityaffairs.com

How To Secure Your ManageEngine Software from Known Exploited Vulnerabilities Catalog - Software providers and IT systems administrators are always looking for ways to keep their networks safe. The ever-evolving threat landscape and increasing sophistication of malicious hackers make security a key concern. Among the many technologies ...
1 year ago Securityaffairs.com

Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
11 months ago Hackread.com

Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
11 months ago Bleepingcomputer.com

Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
6 months ago Securityaffairs.com

Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com

Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
11 months ago Bloomberg.com

The Crucial Need for a Secure Software Development Lifecycle in Today's Digital Landscape - In today's increasingly digital world, software is the backbone of business operations, from customer-facing applications to internal processes. The rapid growth of software development has also made organizations more vulnerable to security threats. ...
10 months ago Cyberdefensemagazine.com

Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
5 months ago Securityaffairs.com

Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
11 months ago Bbc.com

Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
11 months ago Bleepingcomputer.com

Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
5 months ago Securityaffairs.com

newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
5 months ago Securityaffairs.com

Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
4 months ago Securityweek.com

Latest Cyber News

CVE-2024-52739 - 20 hours ago
CVE-2018-9483 - 20 hours ago
CVE-2018-9485 - 20 hours ago
CVE-2018-9487 - 20 hours ago
CVE-2018-9470 - 20 hours ago
CVE-2018-9472 - 20 hours ago
CVE-2018-9477 - 20 hours ago
CVE-2024-11492 - 21 hours ago
CVE-2024-52770 - 21 hours ago
CVE-2024-52796 - 21 hours ago
CVE-2024-52769 - 21 hours ago
CVE-2024-51162 - 21 hours ago
CVE-2024-52725 - 21 hours ago
CVE-2024-11491 - 21 hours ago
CVE-2024-11490 - 21 hours ago
CVE-2024-11488 - 22 hours ago
CVE-2024-11486 - 22 hours ago
CVE-2024-11487 - 22 hours ago
CVE-2024-11485 - 22 hours ago
CVE-2024-52471 - 23 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-52282 - 2 days ago
CVE-2024-11278 - 1 day ago
CVE-2024-9653 - 1 day ago
CVE-2024-10515 - 1 day ago
CVE-2024-52614 - 1 day ago
CVE-2024-9239 - 1 day ago
CVE-2024-10855 - 1 day ago
CVE-2024-10899 - 1 day ago
CVE-2024-10900 - 1 day ago
CVE-2024-11277 - 1 day ago
CVE-2024-48895 - 1 day ago
CVE-2024-47865 - 1 day ago
CVE-2024-52033 - 1 day ago
CVE-2024-11176 - 1 day ago
CVE-2024-10126 - 1 day ago
CVE-2024-10127 - 1 day ago
CVE-2024-11179 - 1 day ago
CVE-2024-11494 - 1 day ago
CVE-2024-10665 - 1 day ago
CVE-2024-10891 - 1 day ago