Cybersecurity

ABB M2M ETHERNET (ICSA-18-352-07)

The NCCIC has published an advisory on an improper authentication vulnerability in ABB M2M ETHERNET. For FW, versions 2.22 and prior are affected. For ETH-FW, versions 1.01 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to upload a malicious language file. ABB recommends installing the device in accordance with the latest instructions from the updated technical manual. NCCIC/ICS-CERT.

ABB CMS-770 (ICSA-18-352-06)

The NCCIC has published an advisory on an improper authentication vulnerability in ABB CMS-770. All versions prior to 1.7.1 are affected. Successful exploitation of this vulnerability may allow an attacker to read sensitive configuration files that may lead to code execution on the device. ABB recommends installing the device in accordance with the latest instructions from the updated technical manual. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Siemens TIM 1531 IRC Modules (ICSA-18-352-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on a missing authentication for critical function vulnerability in Siemens TIM 1531 IRC Modules. All versions prior to 2.0 are affected. Successful exploitation of this vulnerability could allow an attacker to perform arbitrary administrative operations. Siemens recommends upgrading to firmware v2.0. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.

3S-Smart Software Solutions GmbH CODESYS V3 Products (ICSA-18-352-04)

The NCCIC has published an advisory on use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities in 3S-Smart Software Solutions GmbH CODESYS V3 products. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to disguise the source of malicious communication packets and also exploit a random values weakness affecting confidentiality and integrity of data stored on the device.

3S-Smart Software Solutions GmbH CODESYS Control V3 Products (ICSA-18-352-03) – Products Used in the Energy Sector

The NCCIC has published an advisory on an improper access control vulnerability in 3S-Smart Software Solutions GmbH CODESYS Control V3 Products. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow unauthorized access and exfiltration of sensitive data including user credentials. 3S-Smart Software Solutions GmbH recommends activating the CODESYS Control online user management and encryption of the online communication. 3S-Smart Software Solutions GmbH recommends updating to the latest software Version 3.5.14.0 or newer.

Advantech WebAccess/SCADA (ICSA-18-352-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper input validation vulnerability in Advantech WebAccess/SCADA. WebAccess/SCADA version 8.3.2 installed on Windows 2008 R2 SP1 is affected. Successful exploitation of this vulnerability could cause a stack buffer overflow condition. Advantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.

ABB GATE-E2 (ICSA-18-352-01)

The NCCIC has published an advisory on missing authentication for critical function and cross-site scripting vulnerabilities in ABB GATE-E2. GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018) are affected. Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise the availability of the device, read or modify registers and settings, or change the device configuration. ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL).

Schneider Electric Triconex Tricon (Update B) (ICSA-18-107-02) - Updated December 18, 2018

December 18, 2018

The NCCIC has updated this advisory with additional information on mitigation measures. NCCIC/ICS-CERT.

May 3, 2018

The NCCIC has updated this advisory with additional technical details, mitigation measures, and the NCCIC’s own recommendations. NCCIC/ICS-CERT.

April 17, 2018
