You are here

Home » Cybersecurity

Cybersecurity

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 (ICSA-18-0086-01)

The NCCIC has released an advisory on vulnerabilities in Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200. All versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service on the device, which could result in arbitrary code execution or malicious firmware installation.

Tags: 
nccic ics-cert schneider electric

Beckhoff TwinCAT (ICSA-18-081-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Beckhoff TwinCAT. Numerous versions of these products are affected. Successful exploitation of this vulnerability could allow local attackers to escalate privileges. Beckhoff recommends users update to the newest version and recompile Matlab modules after updating. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert nccic beckhoff

Siemens SIMATIC WinCC OA UI Mobile App (ICSA-18-081-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Siemens SIMATIC WinCC OA UI Mobile App. For both Android and Apple users, all versions prior to V3.15.10 are affected. This vulnerability could be exploited by an attacker who tricks an app user to connect to a malicious WinCC OA server. Successful exploitation of this vulnerability could allow an attacker to read and write data from and to the app’s project cache folder. Siemens has provided updates to mitigate this vulnerability.

Tags: 
ics-cert nccic siemens

Geutebruck IP Cameras (ICSA-18-079-01) – Products Used in the Energy Sector

The NCCIC has released an advisory on a vulnerability in Geutebruck IP Cameras. Firmware version 1.12.0.4 of G-Cam/EFD-2250 and firmware version 3.15.1 of Topline TopFD-2125 are affected. Successful exploitation of these vulnerabilities could lead to proxy network scans, access to a database, adding an unauthorized user to the system, full configuration download including passwords, and remote code execution. Geutebrück recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19.

Tags: 
ics-cert Geutebrück

Siemens SIMATIC Industrial PCs (Update A) (ICSA-18-058-01A) – Product Used in the Water and Wastewater and Energy Sectors - Updated March 20, 2018

March 20, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.

 

February 27, 2018

Tags: 
ics-cert siemens simatic

OSIsoft PI Web API (ICSA-18-072-04)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision API. PI Web API versions 2017 R2 and prior are affected. Successful exploitation of these vulnerabilities could allow escalated privileges and may allow remote code execution. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1 or PI AF Services 2017 R2 Update 1, which both address the PI Web API vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert OSIsoft

OSIsoft PI Vision (ICSA-18-072-03)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision. PI Vision versions 2017 and prior are affected. Successful exploitation of these vulnerabilities could allow remote code execution and expose information. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

 

Tags: 
ics-cert OSIsoft

OSIsoft PI Data Archive (ICSA-18-072-02)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Data Archive. OSIsoft PI Data Archive versions 2016 R2 and prior are affected. Successful exploitation of these vulnerabilities could cause loss of network access to the device or allow escalated privileges that may result in gaining full control of the PI Data Archive server. OSIsoft recommends that customers upgrade to PI Data Archive 2017 R2. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert OSIsoft

Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices Using the EN100 Ethernet Communication Module Extension (ICSA-18-067-02)

ICS-CERT has released an advisory on vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension. Numerous versions of these product are affected. Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities. For EN100 Ethernet module IEC 61850 variant (all versions prior to V4.30), Siemens recommends users update to V4.30.

Tags: 
ics-cert siemens

Pages

Subscribe to Cybersecurity