Industrial Systems Scrambling To Catch Up With Meltdown, Spectre

Some confessions, but 'watch this space' is the more common reaction - when there is one Vendors of industrial system

The Unpatchable Exploit That Makes Every Current Nintendo Switch Hackable
Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign

Some confessions, but ‘watch this space’ is the more common reaction – when there is one

Vendors of industrial systems have joined the long list of vendors responding responses to the Meltdown and Spectre processor vulnerabilities.

So far, a dozen vendors have told ICS-CERT they use vulnerable processors, and The Register imagines there will be plenty more to come.

Gold stars go to just two vendors: Smiths Medical, which has determined that none of its products are vulnerable; and OSISoft, whose PI System is vulnerable, and whose advisory includes anticipated performance impacts.

Emerson Process and General Electric treat their responses as customer information only, and keep them hidden behind a regwall. So does Rockwell, for what it’s worth, but the latter company at least spoke to The Register about the impact on its systems).

Another seven vendors in the market said they are “investigating” the impact – ABB, Abbott, Johnson & Johnson (added points for giving the advisory a 2017 timestamp), Philips, Schneider Electric, and Siemens.

As readers know, the bugs arose out of how processors implement speculative execution. Patches are a giant headache for vendors and users alike, causing both performance and stability issues. ®

Go to Source

COMMENTS