Cybersecurity

Siemens SIPORT MP (ICSA-20-287-06)

CISA has published an advisory on a use of client-side authentication vulnerability in Siemens SIPORT MP. Versions 3.2.1 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. Siemens has released an updated version of SIPORT MP and recommends users install this update on all affected systems.

Siemens Desigo Insight (ICSA-20-287-05)

CISA has published an advisory on SQL injection, improper restriction of rendered UI layers or frames, and exposure of sensitive information to an unauthorized actor vulnerabilities in Siemens Desigo Insight. All versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to retrieve or modify data and gain access to sensitive information. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Siemens has identified specific workarounds and mitigations users can apply to reduce risk.

Fieldcomm Group HART-IP and hipserver (ICSA-20-287-04)

CISA has published an advisory on a stack-based buffer overflow vulnerability in Fieldcomm Group HART-IP and hipserver. For HART-IP Developer kit, release 1.0.0.0 is affected. For hipserver, release 3.6.1 is affected. Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Users of hipserver should immediately upgrade source code to v3.7.0 or later.

LCDS LAquis SCADA (ICSA-20-287-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an out-of-bounds read vulnerability in LCDS LAquis SCADA. Versions prior to 4.3.1.870 are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. LCDS recommends users update to Version 4.3.1.870 or later. CISA also advised on a series of measures to mitigate the vulnerability. Read the advisory at CISA.

MOXA NPort IAW5000A-I/O Series (ICSA-20-287-01) – Product Used in the Energy Sector

CISA has published an advisory on session fixation, improper privilege management, weak password requirements, cleartext transmission of sensitive information, improper restriction of excessive authentication attempts, and exposure of sensitive information to an unauthorized actor vulnerabilities in MOXA NPort IAW5000A-I/O Series. Firmware Version 2.1 or lower is affected.

Siemens SCALANCE W1750D, M800, and S615 (Update C) (ICSA-17-332-01) – Product Used in Water and Wastewater and Energy Sectors

October 13, 2020

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

May 10, 2018

The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.

April 5, 2018

Siemens Industrial Products (Update J) (ICSA-19-253-03) – Products Used in the Water and Wastewater and Energy Sectors

October 13, 2020

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

September 8, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

'15CFAM' is More than FUN with Consequence-driven Cyber-informed Engineering (CCE)

Welcome to week two of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its tribute to National Cybersecurity Awareness Month (NCSAM). Today we briefly touch on less of a fundamental and more of a slightly advanced topic called Consequence-driven Cyber-informed Engineering (CCE), which comes in at #6 (Install Independent Cyber-Physical Safety Systems) in the 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.
