Cybersecurity

Cybersecurity for Water Utilities

An article recently published in WaterWorld discusses the host of cyber risks confronting water and wastewater utilities, noting that managing them will require a culture shift. The risks arise from new technologies that expand attack surfaces and heighten the potential consequences of an attack, and from vulnerabilities introduced via supply chains. Fortunately, as the article describes, there is growing awareness of these risks within the sector, as well as a proliferation of tools and other resources to help water and wastewater utilities prevent and mitigate incidents.

Delta Industrial Automation TPEditor (ICSA-18-284-03)

The NCCIC has released an advisory on out-of-bounds write and stack-based buffer overflow vulnerabilities in Delta Industrial Automation TPEditor. Versions 1.90 and prior are affected. Successful exploitation of these vulnerabilities could crash the accessed device, resulting in a buffer overflow condition that may allow remote code execution. Delta Electronics recommends affected users update to the latest version of Delta Industrial Automation TPEditor, Version 1.91. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

NUUO NVRmini2 and NVRsolo (ICSA-18-284-01)

The NCCIC has released an advisory on stack-based buffer overflow and leftover debug code vulnerabilities in NUUO NVRmini2 and NVRsolo. Versions 3.8.0 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification. NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Fuji Electric Energy Savings Estimator (ICSA-18-282-07)

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Fuji Electric Energy Savings Estimator. Versions 1.0.2.0 and prior are affected. Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with the same privileges as the application that loaded the malicious DLL. Fuji Electric has released Version V.1.0.2.1 of the software. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Hangzhou Xiongmai Technology Co., Ltd Xmeye P2P Cloud Server (ICSA-18-282-06)

The NCCIC has released an advisory on predictable from observable state, hidden functionality, and missing encryption of sensitive data vulnerabilities in Hangzhou Xiongmai Technology Co., Ltd Xmeye P2P Cloud Server. Successful exploitation of these vulnerabilities could allow unauthorized access to video feeds with the potential to modify settings, replace firmware, and/or execute code. Hangzhou Xiongmai Technology Co., Ltd has not provided mitigations for these vulnerabilities.

Siemens ROX II (ICSA-18-282-03)

The NCCIC has released an advisory on an improper privilege management vulnerability in Siemens ROX II. All versions prior to v2.12.1 are affected. Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and execute arbitrary commands. Siemens recommends users update to the new version (v2.12.1) as soon as possible. To reduce risk, Siemens recommends that administrators restrict network access to prevent potential attackers from accessing Port 22/TCP, if possible.

GE iFix (ICSA-18-282-01)

The NCCIC has released an advisory on an unsafe ActiveX control marked safe for scripting vulnerability in GE iFix. GE iFix 2.0 to 5.0, 5.1, 5.5, and 5.8 are affected. Successful exploitation of this vulnerability could cause a buffer overflow condition. GE released iFIX 5.9 in June 2017 to address this issue by incorporating Gigasoft Version 8.0. Additionally, GE recommends users only use ActiveX from trusted sources. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller (ICSA-18-282-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability, which can result in denial of service, in Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, and SIMATIC ET 200SP Open Controller. Multiple products and versions of those products are affected. An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack. Siemens has provided updates to address this vulnerability and recommends users update to the new version.

Siemens SIMATIC S7-1200 CPU Family Version 4 (ICSA-18-282-04) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a cross-site request forgery (CSRF) vulnerability in SIMATIC S7-1200 CPU Version 4. All versions prior to 4.2.3 are affected. Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Siemens provides a firmware update (v4.2.3) and recommends users update to the new version. To reduce the risk, Siemens recommends users not visit other websites while authenticated to the PLC.
