You are here

Home » Cybersecurity

Cybersecurity

Proof-of-Concept Exploit Code Now Publicly Available for Critical Microsoft CryptoAPI Spoofing Vulnerability (CVE-2020-0601)

On Tuesday, Microsoft released a patch fixing a spoofing vulnerability (CVE-2020-0601) related to the Windows CryptoAPI (Crypt32.dll) and the way it validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Windows 10, Windows Server 2016, and Windows Server 2019. More information on the vulnerability disclosure can be found in the Security & Resilience Update for January 14, 2020.

OSIsoft PI Vision (ICSA-20-014-06)

CISA has released an advisory on improper access control, cross-site request forgery (CSRF), cross-site scripting, and inclusion of sensitive information in log files vulnerabilities in OSIsoft LLC PI Vision. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities may allow disclosure of sensitive information and limit the availability of the system. OSIsoft recommends users upgrade to PI Vision 2019 and also offers defensive measures to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SINAMICS PERFECT HARMONY GH180 (ICSA-20-014-04)

CISA has released an advisory on a protection mechanism failure in Siemens SINAMICS PERFECT HARMONY GH180. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could allow an unauthorized attacker with physical access to the affected device to restart the HMI with disabled security controls, which could be used to launch further attacks against the affected device.

Siemens SCALANCE X Switches (ICSA-20-014-03)

CISA has released an advisory on a missing authentication for critical function vulnerability in Siemens SCALANCE X Switches. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to violate access-control rules. Siemens has identified workarounds and mitigations affected users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SINEMA Server (ICSA-20-014-02)

CISA has released an advisory on an incorrect privilege assessment vulnerability in Siemens SINEMA Server. All versions prior to Version 14.0 SP2 Update 1 are affected. Successful exploitation of this vulnerability could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. Siemens recommends users of the affected product update to a new version and has identified workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

GE PACSystems RX3i (ICSA-20-014-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has released an advisory on an improper input validation vulnerability in GE/Emerson PACSystems RX3i. For all of the affected products, all versions prior to R9.90 are affected. Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition. Emerson recommends users of the affected products update to newer versions. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

CISA Alert: Continued Exploitation of Pulse Secure Vulnerability

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has released an alert emphasizing that unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Pulse Secure disclosed the vulnerability and provided software patches in April 2019, but CISA continues to observe wide exploitation of the vulnerabilities. A remote, unauthenticated attacker can exploit this vulnerability to compromise a VPN server. The attacker may be able to gain access to all active users and their plain-text credentials.

Ryuk Ransomware Security Primer

The Multi-State Information Sharing and Analysis Center (MS-ISAC), a WaterISAC partner, has published a security primer on the Ryuk ransomware, which it describes as “one of the most prevalent variants in the state, local, tribal, and territorial government threat landscape. This product provides an overview of Ryuk’s phases of operation and offers a list of recommendations for government entities to adhere to prevent and limit the impact of a potential Ryuk ransomware compromise.

Siemens SCALANCE X (Update B) (ICSA-19-085-01) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

Pages

Subscribe to Cybersecurity