You are here

Home » Cybersecurity

Cybersecurity

CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) advised that the CERT Coordination Center (CERT/CC) has released information on a vulnerability – CVE-2020-12695 – affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition.

BEC Scams Represent a Disproportionately High Financial Risk

According to an article from Threatpost, BEC attacks in general represent a small portion of the total “email attack pie,” constituting just five percent of this activity overall. And yet, they disproportionately represent the greatest financial risk. Having led to $26 billion in losses for organizations and individuals over the past three years according to the FBI’s Internet Crime Complaint Center (IC3). Unfortunately, losses from water and wastewater utilities are included in those figures, with WaterISAC continuing to receive reports of these attacks affecting the sector.

Using the “Bow Tie Model” to Assess OT Security Impacts Due to COVID-19

As nearly every organization across the globe experienced significant disruptions from COVID-19, critical infrastructure security firm Applied Risk references the Bow Tie Model to assess eight major areas of impact that most likely affected OT operations. Applied Risk discusses threats, access and control monitoring, network segmentation, business continuity, third party security, training and awareness, risk analysis, and residual risk. Look familiar?

Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports.

SWARCO CPU LS4000 (ICSA-20-154-06)

CISA has published an advisory on an improper access control vulnerability in SWARCO CPU LS4000. All OS versions starting with G4 are affected. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices. SWARCO has released a patch to fix the vulnerability and close the port. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

GE Grid Solutions Reason RT Clocks (ICSA-20-154-05) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a missing authentication for critical function vulnerability in GE Grid Solutions Reason RT Clocks. For RT430, RT431, and RT434, all firmware versions prior to 08A05 are affected. Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive. GE strongly recommends users of time synchronization products update their units to firmware Version 08A05 or greater to resolve these issues. It also recommends a series of mitigation measures.

ABB Central Licensing System (ICSA-20-154-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on information exposure; improper restriction of XML external entity reference; uncontrolled resource consumption; permissions, privilege, and access controls; and improper access control vulnerabilities in ABB Central Licensing System. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.

ABB Multiple System 800xA Products (ICSA-20-154-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to make the system node inaccessible or tamper with runtime data in the system. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA Base (ICSA-20-154-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in ABB System 800xA Base. Versions 6.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to escalate privileges and cause system functions to stop or malfunction. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA (ICSA-20-154-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA products. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to escalate privileges, cause system functions to stop, and corrupt user applications. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

Pages

Subscribe to Cybersecurity