You are here

Home » Cybersecurity

Cybersecurity

Delta Electronics Delta Industrial Automation Screen Editor (ICSA-18-004-01)

ICS-CERT has released an advisory on a Delta Electronics Delta Industrial Automation Screen Editor vulnerability. Versions 2.00.23.00 and prior are affected. Successful exploitation of these vulnerabilities may allow an attacker to remotely execute arbitrary code. Delta Electronics recommends affected users update to the latest version of DOPSoft Version 2. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert delta electronics

Siemens SIPROTEC 4 and SIPROTEC Compact (Update E) (ICSA-17-187-03E) – Product Used in Energy Sector – Updated January 4, 2018

January 4, 2018
 
ICS-CERT has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.
 
November 30, 2017
 
Tags: 
ics-cert siemens siprotec 4 siprotec compact energy sector

Schneider Electric Pelco VideoXpert Enterprise (ICSA-17-355-02)

ICS-CERT has released an advisory on a Schneider Electric Pelco VideoXpert Enterprise vulnerability. All versions prior to 2.1 are affected. Successful exploitation of these vulnerabilities may allow an authorized user to gain system privileges or an unauthorized user to view files. Schneider Electric has released firmware Version 2.1 for VideoXpert to address these vulnerabilities. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert schneider electric

Moxa Nport W2150A and W2250A (ICSA-17-355-01)

ICS-CERT has released an advisory on a Moxa Nport W2150A and W2250A vulnerability. Versions prior to 1.11 in both products are affected. Successful exploitation of this vulnerability could allow unauthorized access. Moxa has produced new firmware Version 2.1 for the affected devices. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert moxa

Siemens LOGO! Soft Comfort (ICSA-17-353-04)

ICS-CERT has released an alert on a Siemens LOGO! Soft Comfort vulnerability. All versions of LOGO! Soft Comfort prior to V8.2 are affected. Successful exploitation of this vulnerability could allow a remote attacker in a privileged network position to manipulate a software package during download. Siemens removed the Update Center from LOGO! Soft Comfort V8.2 and provides SHA-256 checksums for all LOGO! Soft Comfort software packages via a secured HTTPS channel.

Tags: 
ics-cert siemens

PEPPERL+FUCHS/ecom Instruments WLAN Capable Devices Using the WPA2 Protocol (ICSA-17-353-02)

ICS-CERT has released an alert on a PEPPERL+FUCHS/ecom instruments vulnerability. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to operate as a “man-in-the-middle” between the device and the wireless access point. For some of the products, PEPPERL+FUCHS/ecom instruments is still working on fixes for the vulnerabilities. For devices running Windows, the company recommends users apply a security update provided by Microsoft.

Tags: 
ics-cert pepperl+fuchs/ecom instruments

ABB Ellipse (ICSA-17-353-01) – Product Used in the Energy Sector

ICS-CERT has released an alert on an ABB Ellipse vulnerability. The vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). Successful exploitation of this vulnerability could allow an attacker to discover authentication credentials by sniffing the network traffic. ABB has released several product updates to mitigate the vulnerability. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert abb

WECON Technology Co., Ltd. LeviStudio HMI (ICSA-17-353-05) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on a WECON Technology Co., Ltd. LeviStudio HMI vulnerability. All versions of LeviStudio HMI are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution. WECON recommends that users update to the latest version. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert wecon

Ecava IntegraXor (ICSA-17-353-03) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on an Ecava IntegraXor vulnerability. Versions of Ecava IntegraXor v.6.1.1030.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the database or generate an error in the database log. Ecava recommends that users of affected IntegraXor versions update to version 6.1.1215.0 or newer. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert ecava

WAGO PFC200 (ICSA-17-341-01)

ICS-CERT has released an alert on an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. The vulnerability is exploitable by sending a TCP payload on the bound port. ICS-CERT has notified WAGO of the report and has asked it to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

Tags: 
ics-cert wago

Pages

Subscribe to Cybersecurity