Cybersecurity

Rockwell Automation EtherNet/IP Web Server Modules (ICSA-19-036-02)

The NCCIC has published an advisory on an improper input validation vulnerability in Rockwell Automation EtherNet/IP Web Server Modules. For 1756-EWEB (includes 1756-EWEBK), versions 5.001 and prior are affected. For CompactLogix 1768-EWEB, versions 2.005 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with the Simple Network Management Protocol (SNMP) service. Rockwell Automation recommends that affected users disable the SNMP service if not in use.

Siemens SIMATIC S7-1500 CPU (ICSA-19-036-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper input validation vulnerability in Siemens SIMATIC S7-1500 CPU. For SIMATIC S7-1500, versions 1.8.5 and prior are affected. For SIMATIC S7-1500, versions prior to 2.5, down to and including 2.0, are affected. Successful exploitation of these vulnerabilities could allow a denial of service condition of the device. Siemens recommends users upgrade to Version 2.5 or newer. Users who cannot upgrade because of hardware restrictions are recommended to apply the manual mitigations.

WECON LeviStudioU (ICSA-19-036-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities in WECON LeviStudioU. Versions 1.8.56 and prior are affected. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code. WECON has produced an updated version to fix the reported problems. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.

AVEVA InduSoft Web Studio and InTouch Edge HMI (ICSA-19-036-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on missing authentication for critical function and resource injection vulnerabilities in AVEVA InduSoft Web Studio and InTouch Edge HMI. For InduSoft Web Studio, versions prior to 8.1 SP3 are affected. For InTouch Edge HMI, versions prior to the 2017 update are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to execute an arbitrary process using a specially crafted database connection configuration file.

Protecting Your Software Supply Chain

An article in Risk Management provides an overview of a software supply chain and describes how an attack against one could occur. The article observes that even companies with robust cybersecurity programs can be vulnerable to these attacks, which can be perpetrated by an adversary inserting malicious code into an otherwise legitimate software application. These activities can lead to data leaks or even physical effects, with threat actors potentially gaining access to an organization’s network.

Ransomware Victims Who Pay Cough Up $6,733, On Average

Ransomware victims who opt to pay their attackers for the promise of a decryption key forked over, on average, $6,733 during the fourth quarter of 2018, up 13 percent from the previous quarter, reports ransomware incident response firm Coveware. However, Coveware cautions that not all payments resulted in victims receiving a decryption key or successfully decrypting data. Most security experts and police recommend that ransomware victims never pay, warning that doing so directly funds cyber crime and further ransomware research and development.

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

The National Security Agency (NSA) has released a Cybersecurity Advisory providing updated guidance for addressing side-channel vulnerabilities that affect Intel, AMD, ARM, and IBM processors. Side-channel vulnerabilities exploit weaknesses in speculative execution to leak information, potentially allowing for account permission protocols, virtualization boundaries, and protected memory regions to be bypassed. Spectre and Meltdown, which were disclosed in January 2018, are examples of this kind of vulnerability.

Schneider Electric EVLink Parking (ICSA-19-031-01)

The NCCIC has published an advisory on use of hard-coded credentials, code injection, and SQL injection vulnerabilities in Schneider Electric EVLink Parking. Versions 3.2.0-12_v1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands, and access the web interface with full privileges. Schneider Electric recommends users set up a firewall to restrict remote access to the charging stations by unauthorized users.
