This vulnerability impacts GE Cimplicity, and possibly Advantech/Broadwin WebAccess, and Siemens WinCC. It targets the Cimplicity “.cim” files.
The US Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT) recently released an alert regarding malware that is targeting popular human-machine interfaces (HMIs) of industrial control systems. Based on a variant of the BlackEnergy malware toolkit, the malware infects HMI systems that have a direct connection to the Internet. Numerous vendors’ products have been targeted in a campaign that appears to have been going on since 2012. Read more…
There is no known impact to Survalent SCADA.