You are here

Home » Cybersecurity

Cybersecurity

CISA Alert: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert advising it is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Siemens SCALANCE, RUGGEDCOM (ICSA-20-224-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a classic buffer overflow vulnerability in Siemens SCALANCE and RUGGEDCOM. For RUGGEDCOM RM1224, all versions prior to 6.3 are affected. For SCALANCE M-800 / S615, all versions prior to 6.3 are affected. Successful exploitation of this vulnerability could allow an attacker to gain unauthenticated access to a device and cause a buffer overflow to execute custom code. Siemens recommends applying the updates available for each of the products. CISA also recommends a series of measures to mitigate the vulnerability.

Tridium Niagara (ICSA-20-224-03)

CISA has published an advisory on a synchronous access of remote resource without timeout vulnerability in Tridium Niagara. For Niagara, versions 4.6.96.28, 4.7.109.20, 4.7.110.32, and 4.8.0.110 are affected. For Niagara Enterprise Security, versions 2.4.31, 2.4.45, and 4.8.0.35 are affected. Successful exploitation of this vulnerability could result in a denial-of-service condition. Tridium has released updates that mitigate this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Yokogawa CENTUM (ICSA-20-224-01) – Products Used in the Energy Sector

CISA has published an advisory on improper authentication and path traversal vulnerabilities in Yokogawa CENTUM. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands. Yokogawa recommends a series of mitigation measures. CISA also recommends a series of measures to mitigate the vulnerabilities.

Schneider Electric APC Easy UPS On-Line (ICSA-20-224-02)

CISA has published an advisory on a path traversal vulnerability in Schneider Electric APC Easy UPS On-Line. SFAPV9601 v2.0 and earlier are affected. Successful exploitation of the vulnerability could lead to remote code execution. Schneider Electric recommends users of versions below v2.1 to update to the latest version as soon as possible. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Siemens SIMATIC, SIMOTICS (ICSA-20-224-05) – Products Used in the Energy Sector

CISA has published an advisory on a TOCTOU race condition vulnerability in Siemens SIMATIC and SIMOTICS. All versions of SIMATIC RF350M and RF650M and SIMOTICS CONNECT 400 are affected. Successful exploitation of this vulnerability could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens Desigo CC (ICSA-20-224-06)

CISA has published an advisory on a code injection vulnerability in Siemens Desigo CC. For Desigo CC and Desigo CC Compact, versions 3.x and 4.x are affected. Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges. Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SICAM A8000 RTUs (ICSA-20-224-08) – Product Used in the Energy Sector

CISA has published an advisory on a cross-site scripting vulnerability in Siemens SICAM A8000. All versions prior to C05.30 are affected. Successful exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of the web application. Siemens recommends users update to the latest version, v05.30, as well as apply general security measures. CISA also recommends a series of measures to mitigate the vulnerability.

Pages

Subscribe to Cybersecurity