Cybersecurity

The NCCIC has published an advisory on use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities in Orpak SiteOmat. Versions prior to 6.4.414.122 and 6.4.414.084 are affected. Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.

A report from cybersecurity company Coveware provides some interesting statistics on ransomware incidents that were experienced in the first quarter of 2019. Coveware found the average ransom for these incidents increased by nearly 90% to $12,762, as compared to $6,733 in the fourth quarter of 2018. According to Coveware, this reflected increased infection by more expensive types of ransomware, including Ryuk, which are typically used in targeted attacks on larger organizations.

The NCCIC has released an advisory on uncontrolled resource consumption and stack-based buffer overflow vulnerabilities in Rockwell Automation CompactLogix 5370. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to render the web server unavailable and/or place the controller in a major non-recoverable faulted state (MNRF).

The NCCIC has published an advisory on an open redirect vulnerability in Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to input a malicious link redirecting users to a malicious website. Rockwell Automation has released a security advisory with mitigation steps. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.