The NCCIC has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.
March 20, 2018
The NCCIC has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.
February 27, 2018
The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision API. PI Web API versions 2017 R2 and prior are affected. Successful exploitation of these vulnerabilities could allow escalated privileges and may allow remote code execution. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1 or PI AF Services 2017 R2 Update 1, which both address the PI Web API vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision. PI Vision versions 2017 and prior are affected. Successful exploitation of these vulnerabilities could allow remote code execution and expose information. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.
The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Data Archive. OSIsoft PI Data Archive versions 2016 R2 and prior are affected. Successful exploitation of these vulnerabilities could cause loss of network access to the device or allow escalated privileges that may result in gaining full control of the PI Data Archive server. OSIsoft recommends that customers upgrade to PI Data Archive 2017 R2. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
ICS-CERT has released an advisory on vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension. Numerous versions of these product are affected. Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities. For EN100 Ethernet module IEC 61850 variant (all versions prior to V4.30), Siemens recommends users update to V4.30.
ICS-CERT has released an advisory on an Eaton ELCSoft vulnerability. ELCSoft versions 2.04.02 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. Eaton has released new firmware for ELCSoft. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.
ICS-CERT has released an advisory on a Schneider Electric SoMove Software and DTM Software vulnerability. Numerous versions of this product are affected. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. Schneider Electric has provided updates for the affected software packages. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.
ICS-CERT has released an advisory on a Hirschmann Automation and Control GmbH Classic Platform Switches vulnerability. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow the attacker to hijack web sessions, impersonate a legitimate user, receive sensitive information, and gain access to the device. Hirschmann strongly recommends users restrict access to remote management access and apply a series of mitigation measures.
ICS-CERT has released an advisory on a Delta Electronics Delta Industrial Automation DOPSoft vulnerability. Delta Industrial Automation DOPSoft version 4.00.01 and prior are affected. Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution. Delta Electronics recommends affected users update to the latest version of DOPSoft Version 4.00.04. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
