
Cybersecurity

Emerson WirelessHART Gateway (ICSA-20-135-02) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper access control vulnerability in Emerson WirelessHART Gateway. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could disable the internal gateway firewall. Once the gateway's firewall is disabled, a malicious user could issue specific commands to the gateway, which could then be forwarded on to the end user's wireless devices. Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.

Opto 22 SoftPAC Project (ICSA-20-135-01)

CISA has published an advisory on external control of file name or path, improper verification of cryptographic signature, improper access control, uncontrolled search path element, and improper authorization vulnerabilities in Opto 22 SoftPAC Project. Versions 9.6 and prior are affected. Successful exploitation of these vulnerabilities could allow arbitrary file write access with system access, allow a service to be started or stopped, allow remote code execution, and limit system availability. Opto 22 released PAC Project 10.3 to address the vulnerabilities.

Siemens SIPROTEC 5 and DIGSI 5 (Update C) (ICSA-19-190-05) – Products Used in the Energy Sector

May 12, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.

Siemens SINAMICS (Update C) (ICSA-19-227-04) – Products Used in the Water and Wastewater and Energy Sectors

May 12, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected measures and mitigation measures. Read the advisory at CISA.

Eaton Intelligent Power Manager (ICSA-20-133-01) – Product Used in the Energy Sector

CISA has published an advisory on improper input validation and incorrect privilege assignment vulnerabilities in Eaton Intelligent Power Manager. Versions 1.67 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations. Eaton has released Intelligent Power Manager v1.68 to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Microsoft Releases May 2020 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Microsoft Edge (EdgeHTML and Chromium-based), ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI. Read the advisory at Microsoft.
