July 14, 2020
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
December 10, 2019
CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.
November 18, 2019
July 14, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
August 16, 2019
Poll questions asked during last week’s Creating a Cybersecurity Culture webinar indicated that many members have a strong cybersecurity culture and are not complacent in executing security awareness programs that promote behavioral changes. This is highly encouraging and a positive indicator of successful outcomes. However, the poll questions did not distinguish between IT or OT culture.
Conti is a new family of ransomware believed to be based on code from Ryuk’s second version. Conti also uses the same ransom note its predecessor used in earlier attacks and reportedly leverages the same Trickbot infrastructure. Conti was recently observed by the Carbon Black Threat Analysis Unit (TAU). Most notably, Conti’s attributes appear to be better and faster than most malware families, as it allows up to 32 simultaneous encryption efforts, resulting in faster encryption of targeted files.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about a previously undisclosed vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.
CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Phoenix Contact Automation Worx Software Suite. PC Worx version 1.87 and prior and PC Worx Express version 1.87 and prior are affected. Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application. Phoenix Contact recommends a series of steps to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
CISA has published an advisory on an improper restriction of XML external entity reference vulnerability in Rockwell Automation Logix Designer Studio 5000. Versions 32.00, 32.01, and 32.02 are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to craft a malicious file, which when parsed, could lead to some information disclosure of hostnames or other resources from the program.
July 9, 2020
CISA has updated this advisory with details on the affected products. Read the advisory at CISA.
June 11, 2020
CISA has published an advisory on missing authentication for critical function and unprotected storage of credentials vulnerabilities in Grundfos CIM 500. All versions prior to v06.16.00 are affected. Successful exploitation of these vulnerabilities could allow access to cleartext credential data. Grundfos recommends updating to firmware v06.16.00 and to change user credentials after updating. CISA also recommends a series of measures to mitigate the vulnerabilities.
CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer, session fixation, NULL pointer dereference, improper access control, argument injection, and resource management errors vulnerabilities in Mitsubishi Electric GOT2000 Series. GT27, GT25, and GT23 are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition or remote code execution. Mitsubishi recommends users follow as series of steps to update CoreOS to the latest version.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
