You are here

Home » Cybersecurity

Cybersecurity

AVEVA InTouch (ICSA-18-200-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InTouch. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locales do not use a dot floating point separator. AVEVA recommends a series of mitigation measures for each version of the software affected.

AVEVA InduSoft Web Studio and InTouch Machine Edition (ICSA-18-200-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition. For InduSoft Web Studio, v8.1 and v8.1SP1 are affected. For InTouch Machine Edition, V2017 8.1 and v2017 8.1 SP1 are affected. These products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

ICS Monitoring - Detect Potential TRITON/TRISIS Activity

Utilities with more mature monitoring capabilities may be interested in a new tool by Nozomi Networks, a Wireshark plug-in developed to detect TriStation protocol traffic on the network, the TriStation Protocol Plug-in for Wireshark. Wireshark, a widely used open source network packet analyzer commonly used for network troubleshooting and analysis, is extremely useful for advanced malware analysis, including detecting TRITON/TRISIS/HatMan activity.

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client (ICSA-18-198-03)

The NCCIC has released an advisory on an improper authentication vulnerability in PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client. All models of these products are affected. Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code. PEPPRL+FUCHS recommends users follow guidelines it has posted about addressing the vulnerabilities.

WAGO e!DISPLAY Web-Based-Management (ICSA-18-198-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on cross-site scripting, unrestricted upload of file with dangerous type, and incorrect permissions for critical resource vulnerabilities in WAGO e!DISPLAY Web-Based-Management. Versions 762-300, 762-3001, 762-3002, and 762-3003 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.

ABB Panel Builder 800 (ICSA-18-198-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in ABB Panel Builder 800. All versions of this product are affected. An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file.

Pages

Subscribe to Cybersecurity