Cybersecurity

Microsoft Releases November 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server, Microsoft Dynamics 365 (on-premises) version 8, PowerShell Core, and Microsoft.PowerShell.Archive 1.2.2.0.

Siemens SIMATIC Panels (ICSA-18-317-08) – Products Used in the Energy Sector

The NCCIC has released an advisory on path traversal and open redirect vulnerabilities in Siemens SIMATIC Panels. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow download of arbitrary files from the device, or allow URL redirections to untrusted websites. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Siemens SIMATIC IT Production Suite (ICSA-18-317-07) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper authentication vulnerability in Siemens SIMATIC IT Production Suite. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. Siemens provides updates to address this vulnerability in these products and recommends users update to the new version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Siemens SIMATIC STEP 7 (TIA Portal) (ICSA-18-317-06) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an unprotected storage of credentials vulnerability in Siemens SIMATIC STEP 7 (TIA Portal). All versions of this product prior to 15.1 are affected. Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords. Siemens recommends users update to Version 15.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.

Siemens SCALANCE S (ICSA-18-317-04) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a cross-site scripting vulnerability in Siemens SCALANCE S. Numerous products and versions of these products are affected. If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). Siemens recommends users update to Version 4.0.1.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.

Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal) (ICSA-18-317-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal). Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform an HTTP header injection attack. Siemens has provided updates for the products to fix the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC (ICSA-18-317-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper access control vulnerability in Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow a remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions. Siemens has released updates for the affected products and recommends users update to the newest version.

Hypponen’s Law: If It’s Smart, It’s Vulnerable

Mikko Hypponen, F-Secure’s Chief Research Officer, has a rule when it comes to electronic devices: “If it’s smart, it’s vulnerable.” Hypponen made this assertion over two years ago, and in that time it has become known as “Hypponen’s Law.” This law is becoming more applicable by the day, given the proliferation of smart technologies, which are increasingly present in both home and office environments, as well as in industrial settings.

When it Comes to Ransomware Demands, Just Say No

An article from Symantec explains why organizations that find themselves victims of ransomware should not pay the fees demanded by perpetrators. As noted by the author, security experts and law enforcement agencies, including the FBI, recommend that victims not give in to ransomware attackers’ demands, and yet they are aware many victims elect to pay. The author examines this recommendation in light of recent real-world ransomware attacks in which victims paid and didn’t pay.
