Cybersecurity

3S-Smart Software Solutions GmbH CODESYS Control V3 Products (ICSA-18-352-03) – Products Used in the Energy Sector

The NCCIC has published an advisory on an improper access control vulnerability in 3S-Smart Software Solutions GmbH CODESYS Control V3 Products. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow unauthorized access and exfiltration of sensitive data including user credentials. 3S-Smart Software Solutions GmbH recommends activating the CODESYS Control online user management and encryption of the online communication. 3S-Smart Software Solutions GmbH recommends updating to the latest software Version 3.5.14.0 or newer.

Advantech WebAccess/SCADA (ICSA-18-352-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper input validation vulnerability in Advantech WebAccess/SCADA. WebAccess/SCADA version 8.3.2 installed on Windows 2008 R2 SP1 is affected. Successful exploitation of this vulnerability could cause a stack buffer overflow condition. Advantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

ABB GATE-E2 (ICSA-18-352-01)

The NCCIC has published an advisory on missing authentication for critical function and cross-site scripting vulnerabilities in ABB GATE-E2. GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018) are affected. Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise the availability of the device, read or modify registers and settings, or change the device configuration. ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL).

Schneider Electric Triconex Tricon (Update B) (ICSA-18-107-02) - Updated December 18, 2018

December 18, 2018

The NCCIC has updated this advisory with additional information on mitigation measures. NCCIC/ICS-CERT.

May 3, 2018

The NCCIC has updated this advisory with additional information on technical details, mitigation measures, and the NCCIC’s own recommendations. NCCIC/ICS-CERT.

April 17, 2018

NCCIC Analysis Report – Quasar Open Source Remote Administration Tool

The NCCIC has published an Analysis Report on Quasar, a legitimate open source remote administration tool (RAT) that has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation. This Analysis Report provides information on Quasar’s functions and features, along with recommendations for preventing and mitigating Quasar activity, providing technical information based on samples of the malware and the techniques that were employed.

Bomb Threats Emailed Around the World

Late last week, organizations around the world, including in the U.S., Australia, and Canada, received emails claiming that an explosive device would detonate within their buildings unless a ransom in Bitcoin was paid. Samples of some of the emails show that the sender demanded $20,000 in payment, which was to be converted into Bitcoin and transferred to the sender’s Bitcoin wallet. The threats appear to have been a hoax – no detonations occurred and no devices were found.

Long-Range Emerging Threats Facing the U.S.

The Government Accountability Office (GAO) has compiled into a single report various long-range emerging threats to the U.S. independently identified by the Department of Defense, the Department of State, the Department of Homeland Security, and the Office of the Director of National Intelligence. GAO grouped the threats into four broad categories, which include adversaries’ political and military advancements, dual-use technologies, weapons, and events and demographic changes. There are threats within each of these categories that could have direct impacts on water and wastewater utilities.

Schneider Electric GUIcon Eurotherm (ICSA-18-347-01)

The NCCIC has released an advisory on type confusion and stack-based buffer overflow vulnerabilities in Schneider Electric GUIcon Eurotherm. Version 2.0 of this product is affected. Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within the context of the application. Schneider Electric recommends upgrading to GUIcon Version 2.0 Software Package (Gold Build 683.003), which includes fixes for these vulnerabilities. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (ICSA-18-347-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on an improper input validation vulnerability in EN100 Ethernet Communication Module and SIPROTEC 5 relays. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could cause a denial-of-service condition of the network functionality of the device, compromising the availability of the system. Siemens has released updates for several affected products. Siemens is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
