Cybersecurity

ICS-CERT has released an advisory on a Schneider Electric IGSS Mobile vulnerability. All versions including and prior to 3.01 of IGSS Mobile for Android and IGSS Mobile for iOS are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute a man-in-the-middle attack. In addition, passwords can be accessed by unauthorized users. An update for Android with the fix for these vulnerabilities is available for download on Google Play.

ICS-CERT had released an advisory on a Nortek Linear eMerge E3 Series vulnerability. Linear eMerge E3 series Versions V0.32-07e and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control of the server. Nortek recommends that affected users upgrade by following the process outlined on Page 47 of the E3 User Programming Guide. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

ICS-CERT has released an advisory on a Schneider Electric IGSS SCADA Software vulnerability. IGSS SCADA Software V12 and all previous versions are affected. Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash or execute arbitrary code. Schneider Electric has provided IGSS SCADA Software V13 to address this vulnerability.  ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

February 6, 2018

ICS-CERT has updated this advisory with additional details about mitigating the vulnerability. ICS-CERT.

January 25, 2018