Cybersecurity

Siemens BACnet Field Panels (ICSA-17-285-05)

ICS-CERT has released an advisory on a Siemens BACnet Field Panels vulnerability. All versions prior to V3.5 of APOGEE PXC BACnet Automation Controllers and all versions prior to V3.5 of TALON TC BACnet Automation Controllers are affected. Successful exploitation of these vulnerabilities could allow unauthenticated attackers with access to the integrated webserver to download sensitive information. Siemens has provided firmware Version V3.5 for BACnet Field Panels Advanced modules, which fixes the vulnerabilities, and recommends that users update to the new fixed version.

JanTek JTC-200 (ICSA-17-283-02)

ICS-CERT has released an advisory on a JanTek JTC-200 vulnerability. All versions of JTC-200 are affected. Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, assume the authenticated user’s identity, and gain privileges or access to the system. JanTek will not be developing mitigations for the vulnerabilities affecting JTC-200 as it is developing a JTC-300 model scheduled for release near the end of 2017.

LAVA Computer MFG Inc. Ether-Serial Link (ICSA-17-283-01)

ICS-CERT has released an advisory on a LAVA Computer MFG Inc. Ether-Serial Link vulnerability. Versions 6.01.00/29.03.2007 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, assume the authenticated user’s identity, and gain privileges or access to the system. As LAVA Computer MFG Inc. has not responded to requests to work with ICS-CERT to mitigate this vulnerability, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

iniNet Solutions GmbH SCADA Webserver (ICSA-17-264-04)

ICS-CERT has released an advisory on an iniNet Solutions GmbH SCADA Webserver vulnerability. All versions prior to V2.02.0100 are affected. Successful exploitation of this vulnerability could allow malicious users to access human-machine interface (HMI) pages or to modify programmable logic controller (PLC) variables without authentication. IniNet Solutions GmbH has released a new version of the SCADA Webserver, V2.02.0100, which allows users to implement basic authentication.

Digium Asterisk GUI (ICSA-17-264-03)

ICS-CERT has released an advisory on a Digium Asterisk GUI vulnerability. Asterisk GUI 2.1.0 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code on the device. Asterisk GUI is no longer maintained and should not be used. Digium recommends that affected users migrate to Digium’s SwitchVox product.

Saia Burgess Controls PCD Controllers (ICSA-17-234-05) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a Saia Burgess Controls PCD Controllers vulnerability. PCD firmware versions prior to 1.28.16 or 1.24.69 are affected. Successful exploitation of this vulnerability could allow an attacker to obtain information in memory. Saia Burgess Controls strongly recommends that users update to the latest versions of firmware, Version 1.28.16 or 1.24.69.

Ctek, Inc. SkyRouter (ICSA-17-264-02) – Product Used in the Water and Wastewater Sector

ICS-CERT has released an advisory on a Ctek, Inc. SkyRouter vulnerability. All versions of SkyRouter Series 4200 and 4400 prior to V6.00.11 are affected. Successful exploitation of this vulnerability may allow an unauthorized user to view and edit settings without authenticating. Ctek, Inc. reports that it has addressed this issue, along with additional security requirements, in its latest security release, V6.00.11, which is now available on all models currently in production.

Schneider Electric InduSoft Web Studio, InTouch Machine Edition (ICSA-17-264-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a vulnerability in Schneider Electric InduSoft Web Studio, InTouch Machine Edition. InduSoft Web Studio v8.0 SP2 or prior and InTouch Machine Edition v8.0 SP2 or prior are affected. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary commands with high privileges. Schneider Electric recommends that users of InduSoft Web Studio v8.0 SP2 or prior upgrade and apply InduSoft Web Studio v8.0 SP2 Patch 1 as soon as possible.
