AVEVA Vijeo Citect and Citect SCADA (Update A) (ICSA-19-290-01) – Product Used in the Energy Sector

Author: Charles Egli

Created: Thursday, December 19, 2019 - 21:38

Categories: Cybersecurity

December 19, 2019

CISA has updated this advisory with additional details on the affected equipment, the risk evaluation, the affected products, and mitigation measures. Read the advisory at CISA.

October 22, 2019

CISA has published an advisory on a stack-based buffer overflow vulnerability in AVEVA Vijeo Citect and Citect SCADA. Versions 4.14.02 and prior are affected. The IEC870IP driver for Vijeo Citect and Citect SCADA has a buffer overflow that could cause a server-side crash. Vijeo Citect and Citect SCADA users using the IEC870IP driver v4.14.02 and prior are affected and should upgrade to the IEC870IP driver v4.15.00 as soon as possible. Additionally, CISA recommends a list of actions to mitigate this vulnerability. Read the advisory at CISA.