January 15, 2019
The NCCIC has updated this advisory with information on the nature of the vulnerabilities. Read the full advisory at NCCIC/ICS-CERT.
January 8, 2019
The NCCIC has published an advisory on an improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and authentication bypass using an alternate path or channel vulnerabilities in LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. Version 4.1.0.3870 is affected. Successful exploitation of these vulnerabilities could allow remote code execution, data exfiltration, or cause a system crash. LCDS recommends users update to Version 4.1.0.4150.
Hackmageddon has compiled a full listing of cyber attacks it observed in 2018 – 1,337 in all – presenting for each the suspected perpetrator, target, and type of attack, among other details. From the individual incidents it has generated a number of useful statistics, which present the attacks that occurred by sector (including for the water sector), by month, and by motivation. Access the full listing of cyber incidents at Hackmageddon.
New research indicates that the Ryuk ransomware actors may be using new types of malware to gain entrance to victims’ networks. As previously reported on by WaterISAC, the systems and networks of water utility in North Carolina were infected in October 2018 by Ryuk ransomware that had been dropped by the Emotet malware. In new reports by FireEye and CrowdStrike, researchers explain how “TrickBot” is now being used to get access.
Tenable Research reports it has discovered multiple zero-day vulnerabilities in the Identicard PremiSys access control system that, as of January 9, have not been patched. The PremiSys system can be used to manage door controls and access cards, collect detailed facility data and integrate with video monitoring systems. Because there is no vendor patch, Tenable Research notes affected users will have to attempt to mitigate these vulnerabilities.
Today, cybersecurity firm Radware released a report discussing the damage a successful cyber attack can do to an organization, including to its reputation. The report was developed based on a worldwide survey of nearly 800 business and security executives and professionals. One of its key findings is that the average estimated cost of a cyber attack grew by 54 percent and now exceeds $1 million. Part of these costs emerge from impacts to an organization’s reputation, with some of the survey respondents acknowledging that they lost customers as a result of cyber attacks.
The NCCIC reports it is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolves. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.
The NCCIC has published an advisory on an authentication bypass vulnerability in Emerson DeltaV. Multiple versions of this product are affected. Successful exploitation of this vulnerability could allow an attacker to shut down a service, resulting in a denial of service. Emerson recommends users to patch affected products. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.
The NCCIC has published an advisory on a type confusion vulnerability in Omron CX-One CX-Protocol. Versions 2.0 and prior are affected. Successful exploitation of the vulnerability could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.
The NCCIC has published an advisory on a type confusion vulnerability in Pilz PNOZmulti Configurator. All versions prior to 10.9 are affected. Successful exploitation of this vulnerability could allow sensitive data to be read from the system. Pilz has discontinued the PMI m107 diag HMI device and the function concerned was removed in PNOZmulti Configurator Version 10.9. Pilz has provided a list of steps (listed on the NCCIC advisory) to mitigate this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
