ERCOT Warns MPs Of Cybersecurity Incident At Market Participant
October 17, 2022 Email This Story Copyright 2010-21 EnergyChoiceMatters.com
Reporting by Paul Ring • email@example.com
The following story is brought free of charge to readers byEC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com
ERCOT issued a market notice stating that, on October 14, 2022, at approximately 4:30 p.m., ERCOT was informed by a Market Participant (disclosing MP) that the MP’s Internet-facing firewalls had been compromised.
"This did not affect the disclosing MP's operations nor was there any indication the attacker pivoted to any other systems," ERCOT's notice stated
"ERCOT's computer network and systems were not affected by this event and the Texas power grid was not impacted," ERCOT's notice stated
"The disclosing MP indicated that their firewalls had been compromised by an attacker that exploited a newly disclosed vulnerability, CVE-2022-40684. The incident was confined to two sites owned by the disclosing MP and the disclosing MP was able to identify and contain the compromise. The disclosing MP is in the process of restoring the affected firewalls to a known-good configuration," ERCOT's notice stated
ERCOT's notice stated that, "The firewall vendor, Fortinet, released an updated advisory on 10/10/22 indicating that an authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager was actively being exploited and urged customers to apply the recommended update or workaround."
"ERCOT urges MPs that use Fortinet products to immediately review the advisory and apply the recommended fixes as soon as practicable. If there is indication of compromise, the vendor should be contacted for assistance," ERCOT said in the notice