Напомню, что ранее было выпущено адвайзори (
A portion of the reported issues involve commands being transmitted using the International Organization for Standardization Transport Service Access Point (ISO-TSAP) protocol. According to ICS-CERT analysis, the ISO-TSAP protocol is functioning to specifications; however, authentication is not performed nor are payloads encrypted or obfuscated. Like ISO-TSAP, many protocols used in industrial control systems (ICSs) were designed with interoperability in mind and were intentionally designed without security features to be as open as possible. As a result, improving ICS security may require extensive architectural changes, including the addition of built-in or layered-on techniques to enhance protocol security. Changes necessary to improve protocol security could negatively impact interoperability and performance.