You are here

Home » Cybersecurity

Cybersecurity

AVEVA InduSoft Web Studio and InTouch Machine Edition (ICSA-18-200-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition. For InduSoft Web Studio, v8.1 and v8.1SP1 are affected. For InTouch Machine Edition, V2017 8.1 and v2017 8.1 SP1 are affected. These products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

ICS Monitoring - Detect Potential TRITON/TRISIS Activity

Utilities with more mature monitoring capabilities may be interested in a new tool by Nozomi Networks, a Wireshark plug-in developed to detect TriStation protocol traffic on the network, the TriStation Protocol Plug-in for Wireshark. Wireshark, a widely used open source network packet analyzer commonly used for network troubleshooting and analysis, is extremely useful for advanced malware analysis, including detecting TRITON/TRISIS/HatMan activity.

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client (ICSA-18-198-03)

The NCCIC has released an advisory on an improper authentication vulnerability in PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client. All models of these products are affected. Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code. PEPPRL+FUCHS recommends users follow guidelines it has posted about addressing the vulnerabilities.

WAGO e!DISPLAY Web-Based-Management (ICSA-18-198-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO e!DISPLAY Web-Based-Management. Versions 762-300, 762-3001, 762-3002, and 762-3003 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

ABB Panel Builder 800 (ICSA-18-198-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in ABB Panel Builder 800. All versions of this product are affected. An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file.

How Can an ISAC Improve Cybersecurity and Resilience?

An article from IBM describes information sharing and analysis centers (ISAC) (specifically identifying WaterISAC among a selection of ISACs) and how they can contribute to improving the cybersecurity of an organization. The article emphasizes that joining an ISAC allows organizations to share knowledge about incidents and threats, increase their maturity levels, network and develop contacts, and join forces with others in their sector or area.

Pages

Subscribe to Cybersecurity