ICS-CERT has released an advisory on a PHOENIX CONTACT mGuard Device Manager. Versions 1.8.0 and older are affected. Successful exploitation of these vulnerabilities could allow unauthorized remote access, modification of data, and may allow remote and local users to gain elevated privileges. PHOENIX CONTACT recommends that all users of the affected product on Windows should update to at least Version 1.8.0.1. ICS-CERT.
ICS-CERT has released an advisory on vulnerabilities in LOYTEC LVIS-3ME. LVIS-3ME versions prior to 6.2.0 are affected. Successful exploitation of these vulnerabilities may result in information exposure or allow arbitrary code execution. LOYTEC has released a firmware update, V6.2.0, to address these vulnerabilities. ICS-CERT.
ICS-CERT has released an advisory on a vulnerability in mySCADA myPRO, an HMI/SCADA management platform. myPRO Versions 7.0.26 and prior are affected. Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges. mySCADA has released new versions that address the identified vulnerability. ICS-CERT.
ICS-CERT has released an advisory on a SpiderControl SCADA Web Server vulnerability. Versions 2.02.2007 and prior are affected. Successful exploitation of this vulnerability could allow authenticated system users to escalate their privileges under certain conditions. SpiderControl has produced a new version of the software (Version 2.02.0100). ICS-CERT.
ICS-CERT has released an advisory on a PHOENIX CONTACT, Innominate Security Technologies mGuard firmware vulnerability. Versions 8.0.0 to 8.5.1 of the firmware running on a variety of mGuard Network Security Appliances are affected. Successful exploitation of this vulnerability could allow attackers to cause a remote denial of service and force a restart of all IPSec connections. PHOENIX CONTACT and Innominate Security Technologies recommend users update to firmware Version 8.5.2 or higher, which fixes this vulnerability.
July 27, 2017
ICS-CERT has updated its advisory titled “Schneider Electric Magelis HMI Resource Consumption Vulnerabilities.” Schneider Electric has released a new version of Vijeo XD, Version 2.4.2, which does not integrate the web server feature containing the identified vulnerabilities. ICS-CERT.
November 22, 2016
Osterman Research along with Intel, McAfee, Spamhaus, and other cybersecurity organizations has published a white paper on best practices to deal with phishing and ransomware. According to the study, both phishing and crypto ransomware are increasing by several hundred percent per quarter, the vast majority of victims were impacted in the past 12 months, most security practices are not improving over time perhaps due to lack of expertise, and security awareness training needs improvement. The study includes recommendations for best practices.
WaterISAC hosted a panel of experts who discussed emerging legal risks and standards relating to cybersecurity and critical infrastructure sectors and how specialized insurance can be used by water and wastewater utilities to help mitigate the financial and reputational repercussions of cyber incidents. Panelists included Steven Bonafonte, Attorney, Pullman and Comley, LLC; Jim Grooms, Vice President - Commercial Lines, Brown and Brown of New York, Inc.; and Bob Bregman, Senior Research Analyst, International Risk Management Institute, Inc.
WaterISAC conducted a webcast on public notification during water contamination events and outages on Tuesday, July 22, 2014. WaterISAC's guest was Cheryl Santor, the Information Security Manager for the Metropolitan Water District of Southern California.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
