Cybersecurity

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client (ICSA-18-198-03)

The NCCIC has released an advisory on an improper authentication vulnerability in PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client. All models of these products are affected. Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code. PEPPERL+FUCHS recommends users follow guidelines it has posted about addressing the vulnerabilities.

WAGO e!DISPLAY Web-Based-Management (ICSA-18-198-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO e!DISPLAY Web-Based-Management. Versions 762-300, 762-3001, 762-3002, and 762-3003 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

ABB Panel Builder 800 (ICSA-18-198-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in ABB Panel Builder 800. All versions of this product are affected. An attacker could exploit the vulnerability by tricking a user into opening a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file.

How Can an ISAC Improve Cybersecurity and Resilience?

An article from IBM describes information sharing and analysis centers (ISACs) (specifically identifying WaterISAC among a selection of ISACs) and how they can contribute to improving the cybersecurity of an organization. The article emphasizes that joining an ISAC allows organizations to share knowledge about incidents and threats, increase their maturity levels, network and develop contacts, and join forces with others in their sector or area.

U.S. Intelligence Chief Lays Out Threats to U.S. Infrastructure, Efforts to Protect It

On July 13, 2018, U.S. Director of National Intelligence Dan Coats stated that the U.S.’s digital infrastructure is under constant attack from foreign entities including China, Iran and North Korea, but he singled out Russia as the “most aggressive” one, highlighting the country’s reported efforts to use hacking and information campaigns to influence U.S. elections. But Coats also warned against having tunnel vision focused on the elections, noting that foreign actors continually target other aspects of U.S. critical infrastructure.

More Questions than Answers Regarding Ukrainian Chlorine Facility Incident Affected by VPNFilter Malware

ICS cybersecurity firm Dragos offers notes to consider regarding last week's report of the Ukrainian chlorine facility incident (reported by WaterISAC on Thursday, July 12), most notably the ongoing questions about the role that VPNFilter malware, as reported, played in the event.
