Applied Risk launches ICS/SCADA Security Lab

Applied Risk launches ICS/SCADA Security Lab

New ICS/SCADA Security Lab detects multiple vulnerabilities in industrial control systems and collaborates with vendor to fix reported security flaws

Applied Risk, an established leader in industrial control systems (ICS) security, has announced the launch of its ICS Security Lab to help protect industrial assets and infrastructure from costly cyber attacks. The lab has identified its first vulnerability in Moxa EDS-405A/EDS-408A-managed Ethernet switches, allowing attackers to remotely compromise their availability, integrity and confidentiality with potentially devastating consequences for connected industrial assets across multiple sectors.

The ICS Security Lab identified three key vulnerabilities, detailed in its latest advisory. The first is in the administrative web interface of the switches. The control that prevents a user-level account from modifying settings could be easily circumvented to allow increased privileges. Another is a denial-of-service (DoS) issue that could allow an attacker to cause a device to restart via a specific URL. The third vulnerability is a cross-site scripting (XSS) bug in the administrative web interface which can be exploited to inject arbitrary JavaScript code in the admin interface.

Jalal Bouhdada, Founder and Principal ICS/SCADA Security Consultant for Applied Risk states:

“Responsible disclosure and collaboration with vendors is the optimum approach for ensuring any and all security flaws are highlighted in hardware and software. The positive response from the vendor and its professionalism throughout the process has helped Applied Risk and Moxa to validate and issue a fix for all reported security flaws.”

‎Based in Amsterdam, Applied Risk’s new ICS Security Lab delivers unique market and threat analysis across the chemical, manufacturing, pharmaceutical, power, water, oil and gas sectors. With the latest vulnerability research, reverse-engineering protocol and source code analysis techniques, its expert team of researchers are now able to provide early warning of emerging ICS threats and detail their legitimacy, while confirming affected code bases, products, versions and configurations.

Vulnerable and infected ICS systems can be identified too, along with exploit attempts or malware activity. Part of the lab’s service also involves remediation activities, including workarounds and configuration changes to safeguard systems for both suppliers and system owners.

Erwin Paternotte, Senior ICS/SCADA Consultant at Applied Risk, states,

“Left unchecked, the Moxa vulnerabilities and similar threats could have disastrous consequences. You are effectively handing a facility’s keys to an attacker – giving them full use of your operating infrastructure. The problem can sometimes lie in issues as simple as the use of default passwords, hard-coded encryption keys or the poor authentication of firmware updates. As seen with Moxa, our lab is dedicated to identifying vulnerabilities as part of the product development and ensuring security updates are issued by the vendor in the shortest time possible.”

Launched in conjunction with the ICS Security Lab, the Online ICS Cyber Security Awareness Training platform from Applied Risk is designed to establish a widespread and deep-rooted industrial control systems security culture across organisations. It introduces participants to the challenges of technology convergence, before dealing with a threat’s real-world impact, the anatomy of a cyber attack and how the defence-in-depth concept is applied to businesses.

Other training options outline the techniques for mitigating cyber risks, while identifying key elements for addressing process control system security and good practice principles. The online training is provided in a SCORM-compliant format and can be hosted either in an organisation’s own compliant learning management system (LMS) or in Applied Risk’s own hosted platform.

Jalal Bouhdada continued:

“No matter the industry sector, for businesses to create the most secure and reliable operations, training is a necessity. Staff must learn how to contribute to an environment that at its core is secure by design, secure by default and secure by deployment. With the appropriate ICS security education in place, organisations are in a significantly stronger position to protect their industrial facilities against prevalent security risks and associated costs while enhancing compliance and demonstrating resilience.”

[su_button url=”http://www.applied-risk.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about Applied Risk[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Christina Alexander Judge - SecurityBuyer

Christina Alexander Announced as Security Buyer Awards Judge

Security Buyer is proud to announce Christina Alexander as the latest addition to the distinguished judging panel for the Security…
Milestone - SecurityBuyer

Milestone Systems updates across XProtect, BriefCam, Arcules

Milestone Systems today announced updates across its complete security technology portfolio with releases for XProtect
Big Interview Abdullah Tanoli

Big Interview – Hero of Leicester Square

Rebecca Spayne of Security Buyer has the privilege of speaking with a real-life hero, Abdullah Tanoli, the hero of Leicester Square..
Altronix - SecurityBuyer

Altronix POE367 Delivers 277VAC Support

Altronix has expanded its power product line with the new POE367 power supply/charger designed specifically for 277VAC input environments.
IFPO x GSA - Security Buyer

New Corporate Members for IFPO

The Global SecurAlliance (GSA)summer meeting on 16 June was held again at the stunning Château de Méry-sur-Oise on the outskirts of Paris.
Product Spotlight - HID

Product Spotlight – HID

Access control is evolving into a smart, responsive platform—integrating embedded apps, IoT, and cybersecurity to deliver…
Genetec

Genetec brings new capabilities to Security Center SaaS

Genetec announced new updates to Security Center SaaS, the company’s enterprise-grade Security-as-a-Service (SaaS) solution..
I-Pro

i-PRO Launches Revamped EMEA Partner Program

i-PRO announced a major expansion of its EMEA Partner Program. The move supports i-PRO’s long-term growth strategy and…
ASIs international

ASIS International Introduces New ANSI-Approved Investigations Standard

ASIS International, a leading authority in security standards, is excited to announce the release of its revised American National Standards.
Gallagher Security and Yusuf Bin Ahmed Kanoo Company Limited sign MOU in Riyadh

Gallagher Security MOU with Yusuf Bin Ahmed Kanoo Company

Gallagher Security is proud to announce the signing of a Memorandum of Understanding (MOU) with Yusuf Bin Ahmed Kanoo Company…
Scroll to Top