You are here

Home » Cybersecurity

Cybersecurity

ABB GATE-E2 (ICSA-18-352-01)

The NCCIC has published an advisory on missing authentication for critical function and cross-site scripting vulnerabilities in ABB GATE-E2. GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018) are affected. Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise the availability of the device, read or modify registers and settings, or change the device configuration. ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL).

Schneider Electric Triconex Tricon (Update B) (ICSA-18-107-02) - Updated December 18, 2018

December 18, 2018

The NCCIC has updated this advisory with additional information on mitigation measures. NCCIC/ICS-CERT.

May 3, 2018

The NCCIC has updated this advisory with additional details on technical details, mitigation measures, and the NCCIC’s own recommendations. NCCIC/ICS-CERT.

April 17, 2018

Tags: 
nccic ics-cert schneider electric

NCCIC Analysis Report – Quasar Open Source Remote Administration Tool

The NCCIC has published an Analysis Report on the Quasar, a legitimate open source remote administration tool (RAT), has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation. This Analysis Report provides information on Quasar’s functions and features, along with recommendations for preventing and mitigating Quasar activity.  providing technical information based on samples of the malware and the techniques that were employed.

Bomb Threats Emailed Around the World

Late last week, organizations around the world, including in the U.S., Australia, and Canada, received emails claiming that an explosive device would detonate within their buildings unless a ransom in Bitcoin was paid. Samples of some of the emails show that the sender demanded $20,000 in payment, which was to be converted into Bitcoin and transferred to the sender’s Bitcoin wallet. The threats appear to have been a hoax – no detonations occurred and no devices were found.

Long-Range Emerging Threats Facing the U.S.

The Government Accountability Office (GAO) has compiled into single report various long-range emerging threats to the U.S. independently identifed by the Department of Defense, the Department of State, the Department of Homeland Security, and the Office of the Director of National Intelligence. GAO grouped the threats into four broad categories, which include adversaries’ political and military advancements, dual-use technologies, weapons, and events and demographic changes. There are threats within each of these categories that could have direct impacts on water and wastewater utilities.

Schneider Electric GUICon Eurotherm (ICSA-18-347-01)

The NCCIC has released an advisory on type confusion and stack-based buffer overflow vulnerabilities in Schneider Electric GUIcon Eurotherm. Version 2.0 of this product is affected. Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within the context of the application. Schneider Electric recommends upgrading to GUIcon Version 2.0 Software Package (Gold Build 683.003), which includes fixes for these vulnerabilities. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (ICSA-18-347-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on an improper input validation vulnerability in EN100 Ethernet Communication Module and SIPROTEC 5 relays. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could cause a denial-of-service condition of the network functionality of the device, compromising the availability of the system. Siemens has released updates for several affected products. Siemens is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.

Geutebrück GmbH E2 Series IP Cameras (ICSA-18-347-03) – Products Used in the Energy Sector

The NCCIC has released an advisory on an OS command injection vulnerability in Geutebrück GmbH E2 Series IP Cameras. Products running firmware versions prior to 1.12.0.25 are affected. Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root. Geutebrück recommends E2 series IP camera users download and update to the newest firmware version, 1.12.0.25. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector

The NCCIC has released an advisory on a path traversal vulnerability in GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. The path traversal vulnerability has been corrected by GE. GE recommends users upgrade to the current version of ControlST software as described in CSB25378.

Pages

Subscribe to Cybersecurity