
"Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings."
"Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly."
Ten vulnerabilities in Copeland E2 and E3 controllers could enable unauthenticated remote code execution with root privileges and permit attackers to manipulate temperatures, spoil food and medicine, and disrupt supply chains. The flaws, named Frostbyte10, affect controllers managing compressor groups, condensers, walk-in units, HVAC, and lighting in thousands of devices across major supermarket chains and cold storage companies. Operational technology security firm Armis reported the issues to Copeland, and Copeland released firmware updates that fix the vulnerabilities. Copeland recommends upgrading to firmware version 2.31F01 and moving from end-of-life E2 units to E3; CISA is issuing advisories urging immediate patching.
Read at The Register