Cybersecurity

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Omron CX-One. Multiple versions of this product are affected. Successful exploitation of these vulnerabilities could allow remote code execution. Omron has released an updated version of CX-One to address the reported vulnerabilities. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

The NCCIC/ICS-CERT has released an advisory on a vulnerability in LCDS Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. LAquis SCADA software versions 4.1.0.3391 and prior are affected. Successful exploitation of this vulnerability could cause the device an attacker is accessing to crash, resulting in a structured exception handler overflow condition, which may allow code execution. LCDS recommends that users update to version 4.1.0.3774. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation MicroLogix. MicroLogix 1400 versions FRN 21.003 and prior and MicroLogix 1100 versions FRN 16.00 and prior are affected. Successful exploitation of these vulnerabilities could cause denial of service, disclosure of sensitive information, communication loss, and modification of settings or ladder logic. Rockwell Automation has recommended a series of mitigation strategies for these vulnerabilities.

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Siemens TIM 1531 IRC. All versions of this product prior to v1.1 are affected. Successful exploitation may cause the device to enter a denial-of-service condition, or allow the attacker to read and manipulate data and configuration settings of the affected device.