You are here

Home » Cybersecurity

Cybersecurity

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller (ICSA-18-282-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a denial of service for improper input validation vulnerability in Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, and SIMATIC ET 200SP Open Controller. Multiple products and versions of those products are affected. An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack. Siemens has provided updates to address this vulnerability and recommends users update to the new version.

Siemens SIMATIC S7-1200 CPU Family Version 4 (ICSA-18-282-04) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a cross-site request forgery (CSRF) vulnerability in SIMATIC S7-1200 CPU Version 4. All versions prior to 4.2.3 are affected. Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Siemens provides a firmware update (v4.2.3) and recommends users update to the new version. To reduce the risk, Siemens recommends users not visit other websites while being authenticated against the PLC.

Siemens SCALANCE W1750D (ICSA-18-282-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on cryptographic issues in Siemens SCALANCE W1750D. All versions prior to 8.3.0.1 are affected. Successful exploitation of this vulnerability could allow an attacker to decrypt TLS traffic. Siemens provides a firmware update (v8.3.0.1) and recommends users to update to the new version. To reduce the risk, Siemens recommends administrators restrict access to the web interface of the affected devices. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

The NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools frequently observed in cyber incidents worldwide. The alert provides an overview of each tool, its capabilities, and recommended best practices network defenders can use to protect their networks against these tools.

Pages

Subscribe to Cybersecurity