GE CIMPLICITY (ICSA-17-278-01) - Product Used in the Water and Wastewater and Energy Sectors - Updated October 10, 2017
October 12, 2017
ICS-CERT has updated this advisory with mitigation details. ICS-CERT.
ICS-CERT has released an advisory on a Siemens 7KT PAC1200 Data Manager vulnerability.
ICS-CERT has released an advisory on an iniNet Solutions GmbH SCADA Webserver vulnerability. All versions prior to V2.02.0100 are affected. Successful exploitation of this vulnerability could allow malicious users to access human-machine interface (HMI) pages or to modify programmable logic controller (PLC) variables without authentication. IniNet Solutions GmbH has released a new version of the SCADA Webserver, V2.02.0100, which allows users to implement basic authentication. ICS-CERT.
ICS-CERT has released an advisory on a Digium Asterisk GUI vulnerability. Asterisk GUI 2.1.0 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code on the device. Asterisk GUI is no longer maintained and should not be used. Digium recommends that affected users migrate to Digium’s SwitchVox product. ICS-CERT.
ICS-CERT has released an advisory on a Saia Burgess Controls PCD Controllers vulnerability. PCD firmware versions prior to 1.28.16 or 1.24.69 are affected. Successful exploitation of this vulnerability could allow an attacker to obtain information in memory. Saia Burgess Controls strongly recommends that users update to the latest versions of firmware, Version 1.28.16 or 1.24.69. ICS-CERT.
ICS-CERT has released an advisory on a Ctek, Inc. SkyRouter vulnerability. All versions of SkyRouter Series 4200 and 4400 prior to V6.00.11 are affected. Successful exploitation of this vulnerability may allow an unauthorized user to view and edit settings without authenticating. Ctek, Inc., reports it has addressed this issue and additional security requirements in its latest security release V6.00.11, which is now available on all models currently in production. ICS-CERT.
ICS-CERT has released an advisory on a vulnerability in Schneider Electric InduSoft Web Studio, InTouch Machine Edition. InduSoft Web Studio v8.0 SP2 or prior and InTouch Machine Edition v8.0 SP2 or prior are affected. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary commands with high privileges. Schneider Electric recommends that users of InduSoft Web Studio v8.0 SP2 or prior upgrade and apply InduSoft Web Studio v8.0 SP2 Patch 1 as soon as possible.
ICS-CERT has released an advisory on vulnerabilities in PHOENIX CONTACT mGuard Device Manager. Versions 1.8.0 and older are affected. Successful exploitation of these vulnerabilities could allow unauthorized remote access, modification of data, and may allow remote and local users to gain elevated privileges. PHOENIX CONTACT recommends that all users of the affected product on Windows update to at least Version 1.8.0.1. ICS-CERT.
ICS-CERT has released an advisory on vulnerabilities in LOYTEC LVIS-3ME. LVIS-3ME versions prior to 6.2.0 are affected. Successful exploitation of these vulnerabilities may result in information exposure or allow arbitrary code execution. LOYTEC has released a firmware update, V6.2.0, to address these vulnerabilities. ICS-CERT.
ICS-CERT has released an advisory on a vulnerability in mySCADA myPRO, an HMI/SCADA management platform. myPRO Versions 7.0.26 and prior are affected. Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges. mySCADA has released new versions that address the identified vulnerability. ICS-CERT.