
Cybersecurity

Siemens SIMATIC Panels and WinCC (TIA Portal) (ICSA-19-134-09) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on use of hard-coded credentials, insufficient protection of credentials, and cross-site scripting vulnerabilities in Siemens SIMATIC Panels and WinCC (TIA Portal). Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker with network access to the device to read/write variables via SNMP. Siemens has released updates for the affected products. The NCCIC has also provided a series of measures to address the vulnerabilities.

Siemens SCALANCE W1750D (ICSA-19-134-07) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on command injection, information exposure, and cross-site scripting vulnerabilities in Siemens SCALANCE W1750D. All versions prior to 8.4.0.1 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session. Siemens recommends users upgrade to Version 8.4.0.1 or later.

Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network (ICSA-19-134-06) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper input validation vulnerability in Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition. Siemens recommends users upgrade to NXGpro control. The NCCIC has also provided a series of measures to address the vulnerability. Read the advisory at NCCIC/ICS-CERT.

Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II (ICSA-19-134-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an uncontrolled resource consumption vulnerability in Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II. For NXG I and NXG II, all versions of 6SR2, 6SR3, and 6SR4 with option G28 are affected. Successful exploitation of this vulnerability could allow an attacker with access to the Ethernet Modbus Interface to cause a denial-of-service condition by exceeding the number of available connections. Siemens recommends that affected users upgrade to NXGpro control. The NCCIC has also provided a series of measures to address the vulnerability.

Siemens LOGO! BM (ICSA-19-134-04)

The NCCIC has published an advisory on missing authentication for critical function, improper handling of extra values, and plaintext storage of a password vulnerabilities in Siemens LOGO!8 BM. All versions are affected. Successful exploitation of these vulnerabilities could allow device reconfiguration, access to project files, decryption of files, and access to passwords. Siemens recommends a series of mitigations to address the vulnerabilities. The NCCIC has also provided a series of measures to address the vulnerabilities.

Siemens LOGO! Soft Comfort (ICSA-19-134-03)

The NCCIC has published an advisory on a deserialization of untrusted data vulnerability in Siemens LOGO! Soft Comfort. All versions are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability.

Siemens SIMATIC WinCC and SIMATIC PCS 7 (ICSA-19-134-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on a missing authentication for critical function vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7. Versions 7.2 and earlier and versions 7.3 and newer of SIMATIC WinCC and versions 8.0 and earlier and 8.1 and newer of SIMATIC WinCC are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability.
