You are here

Entes EMG 12 (ICSA-18-275-03) – Product Used in the Energy Sector

Entes EMG 12 (ICSA-18-275-03) – Product Used in the Energy Sector

Created: Wednesday, October 3, 2018 - 11:50
Categories:
Cybersecurity

The NCCIC has released an advisory on improper authentication and information exposure through query strings in GET request vulnerabilities in Entes EMG 12. EMG Ethernet Modbus Gateway Firmware versions 2.57 and prior are affected. Successful exploitation of these vulnerabilities may allow attackers to gain unauthorized access and could allow the ability to change device configuration and settings. Entes recommends that users update to the latest available firmware version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.