Cybersecurity

Mitsubishi Electric MELSEC (ICSA-20-091-02)

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC. All versions of MELSEC’s iQ-R, iQ-F, Q, L, and F series are affected. Successful exploitation of this vulnerability may render the device unresponsive. Mitsubishi Electric recommends some measures to mitigate the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Hirschmann Automation and Control HiOS and HiSecOS Products (ICSA-20-091-01)

CISA has published an advisory on a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS Products. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.

FBI PIN: Kwampirs Malware Employed in Ongoing Supply Chain Campaign Targeting Global Industries

The FBI has published a Private Industry Notification (PIN) on Kwampirs, a remote access Trojan the FBI says has heavily targeted several industries, including energy and the software supply chain. As described in the PIN, a campaign with Kwampirs employs a two-phased approach. The first phase establishes a broad and persistent presence on the targeted network, to include delivery and execution of secondary malware payload(s). The second phase includes the delivery of additional Kwampirs components or malicious payload(s) to further exploit the infected victim host(s).

Why Does it Take a Real-World Incident to Spur Cybersecurity Resilience Actions?

There is certainly no shortage of advice and best practices being labeled with “COVID-19” to grab our attention. But the fact of the matter is, whether it is hand washing or cyber resilience, the guidance is valid for all time. Unfortunately, it often takes an incident to spur us into shoring up cyber hygiene, or personal hygiene for that matter. Whether out of complacency, denial, or lack of support or resources, many organizations and individuals simply do not act until it is nearly too late.

Advantech WebAccess (ICSA-20-086-01) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on a stack-based buffer overflow vulnerability in Advantech WebAccess. Versions 8.4.2 and prior are affected. Successful exploitation of this vulnerability may allow remote code execution. Advantech has released Version 8.4.4 of WebAccessNode to address the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Security Awareness – SANS Work-From-Home Deployment Kit

With countless utilities having implemented teleworking for many of their non-critical roles during the COVID-19 situation, it is likely that many did not have policies, procedures, or even infrastructure or devices in place to support a remote workforce. As such, many staff were probably sent home with little knowledge or resources on how to perform their jobs securely from remote locations and/or personal devices.

Knowledge is Key – ICS Cyber Operation Counterintelligence

While most of the nation is working and learning remotely (hopefully at home) to stop the spread of COVID-19, it is up to critical infrastructure owners and operators to keep the water running, toilets flushing, heat and lights on, and the shelves stocked with critical supplies. While many utilities are finding the proper balance between social distancing and maintaining operations, cyber threat actors across all categories have stepped up their campaigns in hopes of capitalizing on the numerous distractions and our eagerness for greater situational awareness during this time.
