Cybersecurity

NIST Cybersecurity Practice Guide for Energy Sector Asset Management

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released the final version of the Cybersecurity Practice Guide SP 1800-23, Energy Sector Asset Management. With this guide, the NCCoE intends to enhance the energy sector’s asset management capabilities for operational technology (OT).

Emerson OpenEnterprise (ICSA-20-140-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on missing authentication for critical function, improper ownership management, and inadequate encryption strength vulnerabilities in Emerson OpenEnterprise. All versions through 3.3.4 are affected. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerabilities.

Rockwell Automation EDS Subsystem (ICSA-20-140-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer and SQL injection vulnerabilities in Rockwell Automation EDS Subsystem. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could lead to a denial-of-service condition. Rockwell Automation recommends a series of measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Beware of Loan Scams, Government Officials Warn

Yesterday U.S. Department of Justice, FBI, and U.S. Small Business Administration (SBA) officials warned the public about potential fraud schemes related to economic stimulus programs intended to assist small business owners during the COVID-19 pandemic. “During these unprecedented times, when small business owners impacted by COVID-19 are doing their best to keep their businesses afloat, it is easy to fall prey to scammers.

Emerson WirelessHART Gateway (ICSA-20-135-02) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper access control vulnerability in Emerson WirelessHART Gateway. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could disable the internal gateway firewall. Once the gateway's firewall is disabled, a malicious user could issue specific commands to the gateway, which could then be forwarded on to the end user's wireless devices. Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.

Opto 22 SoftPAC Project (ICSA-20-135-01)

CISA has published an advisory on external control of file name or path, improper verification of cryptographic signature, improper access control, uncontrolled search path element, and improper authorization vulnerabilities in Opto 22 SoftPAC Project. Versions 9.6 and prior are affected. Successful exploitation of these vulnerabilities could allow arbitrary file write access with system access, start or stop service, allow remote code execution, and limit system availability. Opto 22 released PAC Project 10.3 to address the vulnerabilities.

Siemens SIPROTEC 5 and DIGSI 5 (Update C) (ICSA-19-190-05) – Products Used in the Energy Sector

May 12, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.

Siemens SINAMICS (Update C) (ICSA-19-227-04) – Products Used in the Water and Wastewater and Energy Sectors

May 12, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.
