
Omron PLC CJ, CS and NJ Series (ICSA-19-346-03)

CISA has published an advisory on an improper restriction of excessive authentication attempts vulnerability in Omron PLC CJ, CS and NJ Series. All versions of all three products are affected. Successful exploitation of this vulnerability could allow an attacker to brute force login credentials, obtain unauthorized access to the system, and gain unauthorized access to the FTP interface. Omron offers some measures to mitigate the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Omron PLC CJ and CS Series (ICSA-19-346-02)

CISA has published an advisory on authentication bypass by spoofing, authentication bypass by capture-replay, and unrestricted externally accessible lock vulnerabilities in Omron PLC CJ and CS Series. All versions of both products are affected. Successful exploitation of these vulnerabilities may allow remote code execution. Omron offers some measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.

Advantech DiagAnywhere Server (ICSA-19-346-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a stack-based buffer overflow vulnerability in Advantech DiagAnywhere Server. Versions 3.07.11 and prior are affected. Successful exploitation of this vulnerability may allow remote code execution. Advantech has phased out DiagAnywhere Server Version 3.07.11 and removed it from its website. It has released Version 3.07.14 of DiagAnywhere Server to address the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Ten Tips to Securely Configure Your New Devices

Whether by taking advantage of retailers’ discounts or through gifts from family members or friends, many people will receive new cyber gadgets by the end of the present holiday season. Many of these people, in turn, will take these devices (particularly the mobile ones) into their workplaces, potentially transferring any vulnerabilities the devices may have to their organizations. With this consideration in mind, WaterISAC encourages its members to review the list of ten tips for securely configuring new devices from its partner, MS-ISAC.

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (ICSA-19-344-06) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on use of a broken or risky cryptographic algorithm and missing support for integrity check vulnerabilities in Siemens S7-1200 and S7-1500 CPU Families. Multiple versions of multiple products are affected. Successful exploitation of these vulnerabilities may allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU. Siemens has released updates for some of the products and recommends users update to the new versions.

Siemens XHQ Operations Intelligence (ICSA-19-344-05) – Product Used in the Energy Sector

CISA has published an advisory on cross-site request forgery, improper neutralization of script-related HTML tags in a web page, and improper input validation vulnerabilities in Siemens XHQ Operations Intelligence products. All versions of the product are affected. Successful exploitation of these vulnerabilities could allow an attacker to read or modify contents of the web application. Siemens recommends users update the XHQ Operations Intelligence product line to v6.0.0.2 or later. CISA also recommends a series of measures to mitigate the vulnerabilities.

Siemens RUGGEDCOM ROS (ICSA-19-344-03)

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer and resource management errors vulnerabilities in Siemens RUGGEDCOM ROS. All versions of multiple products are affected. Successful exploitation of these vulnerabilities could allow a denial-of-service condition or arbitrary code execution. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities.

Siemens SiNVR 3 (ICSA-19-344-02)

CISA has published an advisory on cleartext storage of sensitive information in GUI, improper authentication, relative path traversal, missing authentication for critical function, weak cryptography for passwords, and exposed dangerous method or function vulnerabilities in Siemens SiNVR. All versions of SiNVR Central Control Server and Video Server are affected.

Siemens SCALANCE W700 and W1700 (ICSA-19-344-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper enforcement of message integrity during transmission in a communication channel vulnerability in Siemens SCALANCE W700 and W1700. For SCALANCE W700, versions 6.3 and prior are affected. For SCALANCE W1700, versions 1.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to access confidential data. Siemens recommends installing the following software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.
