Nozomi reveals browser HMI risks, finishes CVE study with AiLux

TLDR:

• Nozomi Networks Labs outlined the top eleven risks of implementing browser-based HMIs in controlled OT settings.
• The study concluded with the publication of vulnerabilities found in AiLux RTU62351B and analyzed browser-based HMIs across five high-profile vendors.

Industrial Cyber article highlights the findings of Nozomi Networks Labs’ study on the top risks associated with browser-based HMIs in operational technology settings. The study identified eleven major security risks inherent in these systems, which include vulnerabilities like Cross-Site Scripting and mismanagement of file operations. The white paper also emphasizes the importance of addressing these risks to maintain the integrity and resilience of industrial control systems. Additionally, the study discusses the implications of these vulnerabilities, including the potential for attackers to gain complete control over HMIs and manipulate industrial processes. The study also provides insights into the importance of addressing security vulnerabilities in browser-based HMIs to protect critical infrastructure and industrial systems.