CISA has published an advisory on an untrusted search path vulnerability in Flexera InstallShield. Versions through 2015 SP1 are affected. CISA’s advisory also notes that Flexera InstallShield is integrated into many products sold by other companies. Successful exploitation of this vulnerability could allow execution of a malicious DLL.
CISA has published an advisory on an out-of-bounds read vulnerability in LCDS LAquis SCADA. Versions prior to 4.3.1.870 are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. LCDS recommends users update to Version 4.3.1.870 or later. CISA also advised on a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on session fixation, improper privilege management, weak password requirements, cleartext transmission of sensitive information, improper restriction of excessive authentication attempts, and exposure of sensitive information to an unauthorized actor vulnerabilities in MOXA NPort IAW5000A-I/O Series. Firmware Version 2.1 or lower is affected.
October 13, 2020
CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.
May 10, 2018
The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.
April 5, 2018
October 13, 2020
CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.
September 8, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
October 13, 2020
CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.
September 9, 2020
Welcome to week two of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its tribute to National Cybersecurity Awareness Month (NCSAM). Today we briefly touch on less of a fundamental and more of a slightly advanced topic called Consequence-driven Cyber-informed Engineering (CCE), which comes in at #6 (Install Independent Cyber-Physical Safety Systems) in the 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.
October 13, 2020
CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.
September 9, 2020
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on recently-observed activity involving an advanced persistent threat actor exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability – CVE-2020-1472 – in Windows Netlogon. CISA explains this is a commonly-used tactic, known as “vulnerability chaining,” in which multiple vulnerabilities are exploited in the course of a single intrusion to compromise a network or application.
QNAP Systems has released security updates to address vulnerabilities in QNAP Helpdesk. An attacker could exploit these vulnerabilities to take control of an affected QNAP network-attached storage (NAS) device. CISA encourages users and administrators to review QNAP Security Advisory QSA-20-08 and apply the necessary updates.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
