Cybersecurity

Emerson OpenEnterprise (ICSA-20-049-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a heap-based buffer overflow vulnerability in Emerson OpenEnterprise SCADA Server. OpenEnterprise Server 2.83 is affected if Modbus or ROC Interfaces have been installed and are in use; all versions of OpenEnterprise 3.1 through 3.3.3 are also affected. Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 4 (3.3.4), to resolve this issue. CISA also recommends a series of measures to mitigate the vulnerability.

New and Updated Information on North Korean Malicious Cyber Activity

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense have provided new and updated information on malicious cyber activity by the North Korean government. In six new Malware Analysis Reports (MARs), these agencies discuss and provide technical information for Trojan malware variants used by the North Korean government. The new Trojan malware variants include BISTROMATH, SLICKSHOES, HOTCROISSANT, ARTFULPIE, BUFFETLINE, and CROWDEDFLOUNDER.

Schneider Electric Magelis HMI Panels (ICSA-20-044-02)

CISA has published an advisory on an improper check for unusual or exceptional conditions vulnerability in Schneider Electric Magelis HMI Panels. All firmware versions of multiple products are affected. Successful exploitation of this vulnerability could allow a denial-of-service condition. Schneider Electric recommends users set up network segmentation and implement a firewall to block all unauthorized access to Ports 44818/TCP, 502/TCP, 6000/TCP, 6002/TCP, 8080/TCP, 8014/TCP, and 6001/TCP. CISA also recommends a series of measures to mitigate the vulnerability.

Schneider Electric Modicon Ethernet Serial RTU (ICSA-20-044-01)

CISA has published an advisory on improper check for unusual or exceptional conditions and improper access control vulnerabilities in Schneider Electric Modicon BMXNOR0200H. All firmware versions are affected. Successful exploitation of these vulnerabilities could limit system availability. Schneider Electric recommends users set up network segmentation and implement a firewall to block all unauthorized access to Port 2404/TCP and SNMP Port 161/UDP. CISA also recommends a series of measures to mitigate the vulnerabilities.

FBI’s Internet Crime Complaint Center Releases 2019 Report

The last calendar year saw both the highest number of complaints and the highest dollar losses reported to the FBI’s Internet Crime Complaint Center (IC3), according to an annual report just published by the group. In the 2019 Internet Crime Report, the IC3 notes it received 467,361 complaints in 2019 and recorded more than $3.5 billion in losses to individual and business victims. The report describes some of the new tactics and techniques criminals deployed to carry out existing scams.

Digi ConnectPort LTS 32 MEI (ICSA-20-042-13)

CISA has published an advisory on unrestricted upload of file with dangerous type and cross-site scripting vulnerabilities in Digi International ConnectPort LTS 32 MEI. Firmware Version 1.4.3 (82002228_K 08/09/2018), BIOS Version 1.2, is affected. Successful exploitation of these vulnerabilities could limit system availability. Digi recommends users upgrade to the mandatory release of ConnectPort LTS Version 1.4.5, released on November 8, 2019. Additionally, it recommends a series of best practices. CISA also recommends a series of measures to mitigate the vulnerabilities.

Siemens SIPROTEC 4 and SIPROTEC Compact (ICSA-20-042-12)

CISA has published an advisory on an improper input validation vulnerability in SIPROTEC 4 and SIPROTEC Compact. All versions of both products are affected. This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Siemens SIMATIC S7-1500 (ICSA-20-042-11)

CISA has published an advisory on a resource exhaustion vulnerability in the Siemens SIMATIC S7-1500 CPU family. Multiple products and versions of these products are affected. This vulnerability could allow a remote attacker to conduct denial-of-service attacks. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens OZW Web Server (ICSA-20-042-09)

CISA has published an advisory on an information disclosure vulnerability in Siemens OZW web server. All versions prior to 10.0 are affected. Successful exploitation of this vulnerability could allow unauthenticated users to access project files. Siemens recommends users update OZW672 and OZW77 to version 10.0 and has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.
