You are here

Home » Cybersecurity

Cybersecurity

Siemens SIMATIC, SIMOTION, and SINUMERIK (ICSA-18-060-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Siemens SIMATC, SIMOTION, and SINUMERIK vulnerability. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could result in execution of arbitrary code, extended privileges, and unauthenticated access to sensitive data. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms.

Tags: 
ics-cert siemens

Emerson ControlWave Micro Process Automation Controller (ICSA-18-058-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on an Emerson ControlWave Micro Process Automation Controller vulnerability. Versions 05.78.00 and prior are affected. Exploitation may possibly cause a halt of Ethernet functionality, requiring a cold start to restore the system as well as communications related to ControlWave Designer access. This can possibly result in a loss of system availability and disruption in communications with other connected devices. Emerson has offered a list of recommendations to address this vulnerability.

Tags: 
ics-cert emerson

Siemens SIMATIC Industrial PCs (ICSA-18-058-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Siemens SIMATIC Industrial PCs vulnerability. Siemens reports the vulnerability affects a number of versions of SIMATIC Industrial PCs using a version of Infineon’s Trusted Platform Model (TPM). Successful exploitation of this vulnerability could make it easier for attackers to conduct cryptographic attacks against the key material. As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms.

Tags: 
ics-cert siemens simatic

ABB netCADOPS Web Application (ICSA-18-051-01) – Product Used in the Energy Sector

ICS-CERT has released an advisory on an ABB netCADOPS Web Application vulnerability. Multiple versions of this product are affected. Successful exploitation of this vulnerability could allow critical information about the database to be exposed. ABB has released product updates to mitigate the vulnerability. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert abb

Schneider Electric StruxureOn Gateway (ICSA-18-046-04) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a Schneider Electric StruxureOn Gateway vulnerability. All versions prior to 1.2 are affected. Successful exploitation of this vulnerability could allow a remote attacker to upload a malicious file to any directory on the device, which could lead to remote code execution. Schneider Electric has released a new version of the software. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert

Schneider Electric IGSS Mobile (ICSA-18-046-03) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a Schneider Electric IGSS Mobile vulnerability. All versions including and prior to 3.01 of IGSS Mobile for Android and IGSS Mobile for iOS are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute a man-in-the-middle attack. In addition, passwords can be accessed by unauthorized users. An update for Android with the fix for these vulnerabilities is available for download on Google Play.

Tags: 
ics-cert schneider electric

GE D60 Line Distance Relay (ICSA-18-046-02) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a GE D60 Line Distance Relay vulnerability. D60 devices running firmware Version 7.11 and prior are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the device. GE has released firmware that addresses the vulnerabilities. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert ge

Nortek Linear eMerge E3 Series (ICSA-18-046-01)

ICS-CERT had released an advisory on a Nortek Linear eMerge E3 Series vulnerability. Linear eMerge E3 series Versions V0.32-07e and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control of the server. Nortek recommends that affected users upgrade by following the process outlined on Page 47 of the E3 User Programming Guide. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert nortek

Pages

Subscribe to Cybersecurity