Nozomi Networks Labs
Defending Critical Infrastructure Against Cyber Risk
Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.

Vulnerability Advisories
Hitachi Energy Relion 670, 650 and SAM600-IO Series Buffer Overflow During Update Process – CVE-2022-3864
- by Nozomi Networks
- March 3, 2023
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After the restart, the device returns to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and then attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.
Sewio RTLS Studio Use of Hard-coded Password – CVE-2022-45444
- by Nozomi Networks
- February 8, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 and later contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to log in to the database with unrestricted access.
Sewio RTLS Studio Improper Input Validation – CVE-2022-43455
- by Nozomi Networks
- February 7, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.
Labs Blogs

19 New Vulnerabilities Found in SEL Real Time Automation Controllers

The Malice of Security as an Afterthought: New Medical Cybersecurity Regulations and Guidelines

The Challenges of the Vulnerability Assessment Process in ICS Space
Webinars & Podcasts

Insights on the Top OT/IoT Security Threats – How to Protect Your Operations

P2P Botnets: Following the Network Trail
Tools
Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity
- by Nozomi Networks
- April 14, 2020
New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.
- Assertions for COVID-19 Network Indicators – Queries that check for communications with malicious IP addresses and URLs
- Assertions for Remote Access Monitoring – Queries that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.
COVID-19 Malware: OT and IoT Threat Intelligence
- by Nozomi Networks
- April 7, 2020
To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.
- COVID-19 themed Network Indicators – Network IOCs (Indicators of Compromise)
- COVID-19-Themed Ransomware Rules – Yara rules for detecting coronavirus ransomware
- COVID-19 Informer Malware Rules – Yara rules for detecting COVID-19 Informer malware
- COVID-19-Themed Hash – List of hashes that detect malicious files
- COVID-19 Chinoxy Backdoor Malware – SNORT rule for detecting network infection
URGENT/11 Nmap NSE Script for Detecting Vulnerabilities
- by Nozomi Networks
- September 5, 2019
- Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.
- Because it is not always possible to detect the running version, we recommend that industrial operators use full-featured security products for effective vulnerability assessment.
Research Projects
TRITON
- by Nozomi Networks
- September 9, 2022
GreyEnergy
- by Nozomi Networks
- September 9, 2022
IEC 62351
- by Nozomi Networks
- September 8, 2022
Threat Intelligence
Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.
Andrea Carcano & Moreno Carullo
Co-founders, Nozomi Networks