
Cybersecurity

Schneider Electric InduSoft Web Studio and InTouch Machine Edition (ICSA-17-313-02) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Schneider Electric InduSoft Web Studio and InTouch Machine Edition vulnerability. For InduSoft Web Studio, v8.0 SP2 Patch 1 and prior versions are affected; for InTouch Machine Edition, v8.0 SP2 Patch 1 and prior versions are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute code with high privileges. For both products, Schneider Electric recommends that users upgrade to v8.1 as soon as possible.

Advantech WebAccess (ICSA-17-306-02) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on an Advantech WebAccess vulnerability. Versions of WebAccess prior to V8.2_20170817 are affected. Successful exploitation of these vulnerabilities may allow remote code execution. Advantech has released a new version of WebAccess to address the vulnerabilities. ICS-CERT.

ABB FOX515T (ICSA-17-304-01)

ICS-CERT has released an advisory on an ABB FOX515T vulnerability. FOX515T release 1.0 is affected. Successful exploitation of this vulnerability could allow for a local attacker to craft a malicious script that would enable retrieval of any file on the server. ABB reports that the product has been phased out and has reached obsolete status. No further maintenance is planned for the product. ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert abb

Trihedral Engineering Limited VTScada (ICSA-17-304-02) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Trihedral Engineering Limited VTScada vulnerability. VTScada 11.3.03 and prior are affected. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. Trihedral Engineering Limited recommends that users of an affected version update to the latest version, 11.3.05. ICS-CERT.

Korenix JetNet (ICSA-17-299-01)

ICS-CERT has released an advisory on a Korenix JetNet vulnerability. Numerous versions of JetNet, an Ethernet switch, are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote access to the device to run arbitrary code and perform man-in-the-middle attacks. Korenix has produced new firmware that removes the undocumented hard-coded credentials from supported systems. ICS-CERT.

 

Tags: ics-cert korenix

SpiderControl MicroBrowser (ICSA-17-292-01)

ICS-CERT has released an advisory on a SpiderControl MicroBrowser vulnerability. MicroBrowser versions 1.6.30.144 and prior on Windows XP, Vista, 7, 8, and 10 are affected. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. SpiderControl has provided software update Version 1.6.30.148 for MicroBrowser, which fixes this vulnerability. ICS-CERT.

Progea Movicon SCADA/HMI (ICSA-17-290-01) – Product Used in the Water and Wastewater Sector

ICS-CERT has released an advisory on a Progea Movicon SCADA/HMI vulnerability. Movicon Version 11.5.1181 and prior are affected. Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution. Progea has not provided an update to address these vulnerabilities; however, it has issued a knowledge base article about DLL hijacking. NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

ProMinent MultiFLEX M10a Controller (ICSA-17-285-01) – Product Used in the Water and Wastewater Sector

ICS-CERT has released an advisory on a ProMinent MultiFLEX M10a Controller vulnerability. All versions of MultiFLEX M10a Controller web interface are affected. Successful exploitation of these vulnerabilities could allow an attacker to bypass protection mechanisms, assume the identity of authenticated users, and change the device configuration. ProMinent has not provided mitigations for these vulnerabilities. ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

WECON Technology Co., Ltd. LeviStudio HMI Editor (ICSA-17-285-02) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a WECON Technology Co., Ltd. LeviStudio HMI Editor vulnerability. LEVI Studio HMI Editor v1.8.1 and prior are affected. Successful exploitation of these vulnerabilities may result in denial of service and arbitrary code execution. WECON recommends that users update to v1.8.2. ICS-CERT.

Envitech Ltd. EnviDAS Ultimate (ICSA-17-285-03) – Product Used in the Water and Wastewater Sector

ICS-CERT has released an advisory on an Envitech Ltd. EnviDAS Ultimate vulnerability. Versions prior to v1.0.0.5 are affected. Successful exploitation of this vulnerability could allow an attacker to view and edit settings without authenticating and execute code remotely. Envitech Ltd. recommends that users of affected versions update to v1.0.0.5 or newer. ICS-CERT.
