#gainetconsult — Public Fediverse posts

🔎 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗲𝗱

Our Technical Security Audit team has identified a vulnerability in 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗱𝗲𝘃𝗶𝗰𝗲𝘀:
⚠️ The USB port may allow attacks due to improper bandwidth limitation.

📌 Description:
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. During this restart the protection function is not available.

📄 The full advisory is available here: https://www.gai-netconsult.de/wp-content/uploads/2025/09/Advisory-GAINC-2025-001-1.0.pdf

⚠️ Please follow the manufacturer’s guidance and updates.

🌐 An overview of further advisories can be found on our website: www.gai-netconsult.de/advisories

👏 Congratulations to our colleagues 𝗠𝗮𝗿𝗰 𝗖𝘂𝗻𝘆 and 𝗧𝗼𝗿𝗮𝗹𝗳 𝗚𝗶𝗺𝗽𝗲𝗹 for this discovery.

#CyberSecurity #SecurityAdvisory #Vulnerability #ITSecurity #GAINetConsult #SecurityNotice

🔐 Practical Industrial Security: Real-World Lessons from Complex HVDC Projects

We’re excited to announce that our colleague Jan Grotelüschen (GAI NetConsult GmbH) will be speaking at the Industrial Security Conference 2025 in Copenhagen, alongside Simon Gustafson (Amprion GmbH) and co-author Stephan Beirer (GAI NetConsult GmbH).

🎤 Topic of the presentation:
Staying on course in a volatile environment: OT security in complex large-scale HVDC projects – a real-life example

https://insightevents.dk/isc-cph/sessions/staying-on-course-in-a-volatile-environment-ot-security-in-complex-large-scale-hvdc-projects-a-real-life-example/

⚡ At a glance:

Amprion is currently implementing massive offshore grid connection projects such as BorWin4/DolWin4 and BalWin1/BalWin2. These high-voltage direct current (HVDC) lines span up to 380 km and deliver 5.8 GW of power per project – enough to supply electricity to nearly 6 million people.
In this presentation, the speakers, who are largely responsible for the specification and monitoring of the implementation of OT security for this HVDC project, will present the projects itself and report on the cyber security challenges and lessons learnt.

🔍 Key OT Security Challenges Covered:
• Dynamic regulation: Adapting to evolving frameworks like NIS-2, RCE, CRA – even mid-project
• Technology vs. longevity: IT/OT convergence meets decades-long system life cycles
• Managing uncertainty: Constant change in technologies, requirements, and stakeholders

📌 This session provides real-world insights into securing critical infrastructure under real conditions – including what worked, what didn’t, and how lessons learned are shaping better security strategies.

🔗 More about the industrial security conference: https://www.linkedin.com/company/industrial-security-conference-cph/posts/?feedView=all

#OTSecurity #CriticalInfrastructure #HVDC #CyberSecurity #EnergyTransition #ICSCPH #GAINetConsult #Amprion #NIS2 #CRA #IndustrialSecurity