Cybersecurity

ICS-CERT Advisory: Emerson DeltaV Vulnerabilities (ICSA-14-133-02, May 22, 2014)

An attacker with local access to the affected product may be able to read and replace configuration files and log into accounts for which they do not have the correct authorization. A successful exploit of these vulnerabilities is likely to cause a denial of service. Emerson has created a patch to mitigate these vulnerabilities.

Products affected: DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3

Read ICS-CERT Advisory 14-133-02.

 

ICS-CERT Advisory: CSWorks Software SQL Injection Vulnerability (ICSA-14-135-01, May 15, 2014)

Researcher John Leitch, working with HP’s Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks’ CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability. This vulnerability could be exploited remotely.

AFFECTED PRODUCTS

The following CSWorks software versions are affected:

CSWorks Version 2.5.5050.0 and prior.

Read ICS-CERT Advisory 14-135-01.

ICS-CERT Advisory: Schneider Electric Wonderware OpenSSL Vulnerability (ICSA-14-135-02, May 15, 2014)

Schneider Electric Wonderware’s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.

AFFECTED PRODUCTS

ICS-CERT Advisory: Unified Automation OPC SDK OpenSSL Vulnerability (ICSA-14-135-04, May 15, 2014)

On April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits (SDKs) for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However, if HTTPS is used, Unified Automation recommends replacing the OpenSSL library with a current version (1.01.g or later) to mitigate this vulnerability.

This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.

ICS-CERT Advisory: OpenSSL Vulnerability (ICSA 14-135-05, May 15, 2014)

This update to ICS-ALERT 14-099-01E covers affected products and impacts of the OpenSSL vulnerability and provides background details and a vulnerability characterization. It also provides information on mitigation, OpenSSL scanning in ICS environments, detection signatures, and use of specialized search engines.

Read ICS-CERT Advisory 14-135-05.

EPA Cyber Security 101 for Water Utilities

In July 2012, the EPA released a Cyber Security 101 document for water utilities that provides a quick overview of the key features of any active and effective cyber security program. The document addresses potential types of cyber attacks on water systems, how cyber attacks can affect water systems, and basic recommendations for preventing cyber attacks.

DHS / CPNI - Cyber Security Assessments of Industrial Control Systems Good Practice Guide

This guide, produced by the Centre for the Protection of National Infrastructure and the U.S. Department of Homeland Security's National Cyber Security Division - Control Systems Security Program, aims to assist asset owners to maximise the return on their investment when commissioning assessments of their industrial control systems (ICS).
