Cybersecurity

ABB Power Generation Information Manager (PGIM) and Plant Connect (ICSA-19-318-05) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an authentication bypass using an alternate path or channel vulnerability in ABB Power Generation Information Manager (PGIM) and Plant Connect. All versions of both products are affected. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device. ABB reports PGIM will transition to a limited support phase in January 2020, and Plant Connect is already obsolete. Users are advised to upgrade to Symphony Plus Historian, which is not affected by this vulnerability.

Siemens Desigo PX Devices (ICSA-19-318-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an external control of assumed-immutable web parameter vulnerability in Siemens Desigo PX Devices. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface. Siemens has an update available for some of the affected products and has identified specific workarounds and mitigations that users can apply to reduce risk for the others.

Siemens Mentor Nucleus Networking Module (ICSA-19-318-01)

CISA has published an advisory on an improper input validation vulnerability in Siemens Mentor Nucleus Networking Module. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device. Siemens recommends installing software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at WaterISAC.

Latest BlueKeep Exploit Impacted Patched Machines

Over the past few weeks, there have been reports of new exploits targeting the Windows Remote Desktop Protocol (RDP) “BlueKeep” vulnerability. BlueKeep was first disclosed in May and entails a bug in Windows RDP that allows an attacker to gain remote code execution without any user interaction. Microsoft issued a patch for BlueKeep when the vulnerability was disclosed, and yet many Windows RDP users did not patch their systems, as research conducted via Shodan has revealed.

Microsoft Releases November 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Open Source Software, Microsoft Exchange Server, Visual Studio, and Azure Stack. Read the update at Microsoft.

Holiday Shopping, Phishing, and Malware Scams

As this holiday season approaches, the DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:

Fuji Electric V-Server (ICSA-19-311-02)

CISA has published an advisory on a heap-based buffer overflow vulnerability in Fuji Electric V-Server. Versions 4.0.6 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed; several heap-based buffer overflows have been identified. Fuji Electric has released Version 4.0.7.0 to mitigate the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules (ICSA-19-311-01)

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules. Numerous versions of these products are affected. Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU modules. Only the FTP server function is affected by this vulnerability. Mitsubishi Electric has produced a new version of the firmware. It also strongly recommends that users operate the affected device behind a firewall.

Safeguard Your IT and OT Networks with Cyber Threat Intelligence

One way to implement threat detection and monitoring is by leveraging cyber threat intelligence with Perch Security’s managed threat detection and response platform.

This was the topic of discussion on WaterISAC’s November 7, 2019 webinar presented by Perch, a WaterISAC partner. The webinar illustrated how utilities of all sizes and capabilities can better protect their networks with Perch.

U.S. Cyber Command Shares Seven New Malware Samples

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) and WaterISAC encourage users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples as well as the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.
