The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU#730261 for more information and refer to vendors for appropriate updates, when available.
The NCCIC has published an advisory on an improper input validation vulnerability in Rockwell Automation EtherNet/IP Web Server Modules. For 1756-EWEB (includes 1756-EWEBK), versions 5.001 and prior are affected. For CompactLogix 1768-EWEB, versions 2.005 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service. Rockwell Automation recommends that affected users disable the SNMP service if not in use.
The NCCIC has published an advisory on an improper input validation vulnerability in Siemens SIMATIC S7-1500 CPU. For SIMATIC S7-1500, versions 1.8.5 and prior are affected. For SIMATIC S7-1500, versions prior to 2.5, down to an including 2.0, are affected. Successful exploitation of these vulnerabilities could allow a denial of service condition of the device. Siemens recommends users upgrade to Version 2.5 or newer. Users who cannot upgrade because of hardware restrictions are recommended to apply the manual mitigations.
The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities in WECON LeviStudioU. Versions 1.8.56 and prior are affected. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code. WECON has produced an updated version to fix the reported problems. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.
The NCCIC has published an advisory on missing authentication for critical function and resource injection vulnerabilities in AVEVA InduSoft Web Studio and InTouch Edge HMI. For InduSoft Web Studio, versions prior to 8.1 SP3 are affected. For InTouch Edge HMI, versions prior to the 2017 update are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to execute an arbitrary process using a specially crafted database connection configuration file.
An article in Risk Management provides an overview of a software supply chain and describes how an attack against one could occur. The article observes that even companies with robust cybersecurity programs can be vulnerable to these attacks, which can be perpetrated by an adversary inserting malicious code into an otherwise legitimate software application. These activities can lead to data leaks or even physical effects, with threat actors potentially gaining access to an organization’s network.
Ransomware victims who opt to pay their attackers for the promise of a decryption key forked over, on average, $6,733 during the fourth quarter of 2018, up 13 percent from the previous quarter, reports ransomware incident response firm Coveware. However, Coveware cautions that not all payments resulted in victims receiving a decryption key or successfully decrypting data. Most security experts and police recommend that ransomware victims never pay, warning that doing so directly funds cyber crime and further ransomware research and development.
In its 2019 Cyber Threat Outlook, consulting company Booz Allen Hamilton dedicates a section of its report to cybersecurity challenges among U.S. water utilities, which it says have made them “The New Target of Cyber Attacks” by nation state threat actors.
The National Security Agency (NSA) has released a Cybersecurity Advisory providing updated guidance for addressing side-channel vulnerabilities that affect Intel, AMD, ARM, and IBM processors. Side-channel vulnerabilities exploit weaknesses in speculative execution to leak information, potentially allowing for account permission protocols, virtualization boundaries, and protected memory regions to be bypassed. Spectre and Meltdown, which were disclosed in January 2018, are an example of this kind of vulnerability.
January 31, 2019
The NCCIC has updated this advisory with information on how this vulnerability was discovered. NCCIC/ICS-CERT.
October 17, 2018
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
