Cybersecurity

Delta Electronics PMSoft (ICSA-18-116-01)

The NCCIC has released an advisory on vulnerabilities in Delta Electronics PMSoft. All versions prior to 2.10 are affected. Successful exploitation of these vulnerabilities could cause the application to crash; stack-based buffer overflow conditions may allow arbitrary code execution. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of the vulnerabilities.

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer (ICSA-18-116-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on vulnerabilities in WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer. WECON LeviStudioU version 1.10, part of WECON LeviStudioU 1.8.29 and prior, and PI Studio HMI Project Programmer Build from November 11, 2017 and prior, are affected. Successful exploitation of these vulnerabilities could allow remote code execution. WECON recommends that users update to the latest version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of the vulnerabilities.

Tags: 
nccic ics-cert wecon

Advantech WebAccess HMI Designer (ICSA-18-114-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on vulnerabilities in Advantech WebAccess HMI Designer. Versions 2.1.7.32 and earlier are affected. Successful exploitation of these vulnerabilities may allow an attacker to remotely execute arbitrary code. The NCCIC is working with Advantech to provide mitigation steps to resolve the issues. In the meantime, the NCCIC recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Intel 2G Modem (ICSA-18-114-02)

The NCCIC has released an advisory on vulnerabilities in Intel 2G modem. A series of Intel and Sofia products that use the Intel 2G modem are affected. Successful exploitation of this buffer overflow vulnerability may allow remote code execution. Intel is making firmware updates available to device manufacturers that protect systems from this vulnerability. The NCCIC recommends that customers check with their device manufacturers and apply any available updates as soon as practical.

Tags: 
nccic ics-cert intel

Rockwell Automation Stratix Industrial Managed Ethernet Switch (ICSA-18-107-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix Industrial Managed Ethernet Switch. Allen-Bradley Stratix 8300 Industrial Managed Ethernet Switches, versions 15.2(4a)EA5 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation has released knowledge base article 1073315 and recommends implementing a series of mitigations.

Rockwell Automation Stratix and ArmorStratix Switches (ICSA-18-107-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix and ArmorStratix Switches. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation recommends users upgrade to FRN 15.2(6)E1 or later.

Rockwell Automation Stratix Services Router (ICSA-18-107-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix Services Router. Allen-Bradley Stratix 5900 Services Router, versions 15.6.3M1 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.

Schneider Electric InduSoft Web Studio and InTouch Machine Edition (ICSA-18-107-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Schneider Electric InduSoft Web Studio and InTouch Machine Edition. InduSoft Web Studio v8.1 and prior versions and InTouch Machine Edition 2017 v8.1 and prior versions are affected. Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges, could completely compromise the device.
