3S-Smart Software Solutions GmbH CODESYS V3 (Update A) (ICSA-19-213-04)
May 14, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
August 6, 2019
Cybersecurity
Siemens SIPROTEC 5 and DIGSI 5 (Update C) (ICSA-19-190-05) – Products Used in the Energy Sector
May 12, 2020
CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.
December 10, 2019
CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.
Siemens SINAMICS (Update C) (ICSA-19-227-04) – Products Used in the Water and Wastewater and Energy Sectors
May 12, 2020
CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.
December 10, 2019
CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager (Update A) (ICSA-19-255-02)
May 12, 2020
CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.
September 12, 2019
Interpeak IPnet TCP/IP Stack (Update D) (ICSA-19-274-01) – Products Used in the Water and Wastewater Sector
May 12, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
February 18, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
December 10, 2019
Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update A) (ICSA-20-105-08) – Products Used in the Water and Wastewater and Energy Sectors
May 12, 2020
CISA has updated this advisory with additional information on the affected products. Read the advisory at CISA.
April 16, 2020
Eaton Intelligent Power Manager (ICSA-20-133-01) – Product Used in Energy Sector
CISA has published an advisory on improper input validation and incorrect privilege assignment vulnerabilities in Eaton Intelligent Power Manager. Versions 1.67 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations. Eaton has released Intelligent Power Manager v1.68 to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
Microsoft Releases May 2020 Security Updates
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Microsoft Edge (EdgeHTML and Chromium-based), ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI. Read the advisory at Microsoft.
VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager
VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigations.
Top Ten Routinely Exploited Vulnerabilities
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert of the top ten routinely exploited vulnerabilities observed by it and the FBI and the broader U.S. government. The vulnerabilities are categorized into groupings for the top ten exploited from 2016 to 2019 and in 2020. Unsurprisingly, much of the activity observed in 2020 has exploited vulnerabilities in virtual private networks and cloud collaboration services, which are increasingly in use given unprecedented levels of remote work during the COVID-19 pandemic.
Pages
