Cybersecurity

Schneider Electric Pelco VideoXpert Enterprise (ICSA-17-355-02)

ICS-CERT has released an advisory on a Schneider Electric Pelco VideoXpert Enterprise vulnerability. All versions prior to 2.1 are affected. Successful exploitation of these vulnerabilities may allow an authorized user to gain system privileges or an unauthorized user to view files. Schneider Electric has released firmware Version 2.1 for VideoXpert to address these vulnerabilities. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Moxa Nport W2150A and W2250A (ICSA-17-355-01)

ICS-CERT has released an advisory on a Moxa Nport W2150A and W2250A vulnerability. Versions prior to 1.11 in both products are affected. Successful exploitation of this vulnerability could allow unauthorized access. Moxa has produced new firmware Version 2.1 for the affected devices. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert moxa

Siemens LOGO! Soft Comfort (ICSA-17-353-04)

ICS-CERT has released an alert on a Siemens LOGO! Soft Comfort vulnerability. All versions of LOGO! Soft Comfort prior to V8.2 are affected. Successful exploitation of this vulnerability could allow a remote attacker in a privileged network position to manipulate a software package during download. Siemens removed the Update Center from LOGO! Soft Comfort V8.2 and provides SHA-256 checksums for all LOGO! Soft Comfort software packages via a secured HTTPS channel.

Tags: ics-cert siemens

PEPPERL+FUCHS/ecom Instruments WLAN Capable Devices Using the WPA2 Protocol (ICSA-17-353-02)

ICS-CERT has released an alert on a PEPPERL+FUCHS/ecom instruments vulnerability. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to operate as a “man-in-the-middle” between the device and the wireless access point. For some of the products, PEPPERL+FUCHS/ecom instruments is still working on fixes for the vulnerabilities. For devices running Windows, the company recommends users apply a security update provided by Microsoft.

ABB Ellipse (ICSA-17-353-01) – Product Used in the Energy Sector

ICS-CERT has released an alert on an ABB Ellipse vulnerability. The vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). Successful exploitation of this vulnerability could allow an attacker to discover authentication credentials by sniffing the network traffic. ABB has released several product updates to mitigate the vulnerability. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert abb

WECON Technology Co., Ltd. LeviStudio HMI (ICSA-17-353-05) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on a WECON Technology Co., Ltd. LeviStudio HMI vulnerability. All versions of LeviStudio HMI are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution. WECON recommends that users update to the latest version. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert wecon

Ecava IntegraXor (ICSA-17-353-03) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on an Ecava IntegraXor vulnerability. Versions of Ecava IntegraXor v.6.1.1030.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the database or generate an error in the database log. Ecava recommends that users of affected IntegraXor versions update to version 6.1.1215.0 or newer. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert ecava

WAGO PFC200 (ICSA-17-341-01)

ICS-CERT has released an alert on an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. The vulnerability is exploitable by sending a TCP payload on the bound port. ICS-CERT has notified WAGO of the report and has asked it to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

Tags: ics-cert wago

Xiongmai Technology IP Cameras and DVRs (ICSA-17-341-01)

ICS-CERT has released an alert on a vulnerability in Xiongmai Technology IP cameras and DVRs. All IP cameras and DVRs using the NetSurveillance Web interface are affected. Successful exploitation of this vulnerability could cause the device to reboot and return to a more vulnerable state in which Telnet is accessible. Xiongmai Technology has not responded to requests to coordinate with NCCIC/ICS-CERT. ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert

Rockwell Automation FactoryTalk Alarms and Events (ICSA-17-341-02) – Product Used in Water and Wastewater Sectors

ICS-CERT has released an advisory on a Rockwell Automation FactoryTalk Alarms and Events vulnerability. Several versions of the product are affected. Successful exploitation of this vulnerability may allow an attacker to cause a denial of service condition in the history archiver service running on FactoryTalk Alarms and Events. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Alarms and Events, Version 2.90 or later, and applying available patches.
