
Cybersecurity

Presidential Executive Order Gives Authority to Block Foreign Tech that Poses Risks to National Security

President Trump has signed the executive order “Securing the Information and Communications Technology and Services Supply Chain,” which gives the federal government the authority to block telecommunications or information technology that is deemed an “unacceptable risk” to national security. The executive order doesn’t specifically mention Huawei, but concerns about the potential security implications of U.S. companies using components from the Chinese tech giant, as well as from other Chinese manufacturers, in their infrastructure undoubtedly contributed to its release.

Fuji Electric Alpha7 PC Loader (ICSA-19-136-02)

The NCCIC has published an advisory on an out-of-bounds read vulnerability in Fuji Electric Alpha7 PC Loader. Versions 1.1 and prior are affected. Successful exploitation of this vulnerability could crash the device. Fuji Electric has released Version 1.2 of the software to address the vulnerability. The NCCIC has also provided a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.

Schneider Electric Modicon Controllers (ICSA-19-136-01)

The NCCIC has published an advisory on a use of insufficiently random values vulnerability in Schneider Electric Modicon Controllers. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information leakage. Schneider Electric recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability.

Siemens SIMATIC Panels and WinCC (TIA Portal) (ICSA-19-134-09) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on use of hard-coded credentials, insufficient protection of credentials, and cross-site scripting vulnerabilities in Siemens SIMATIC Panels and WinCC (TIA Portal). Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker with network access to the device to read/write variables via SNMP. Siemens has released updates for the affected products. The NCCIC has also provided a series of measures to address the vulnerabilities.

Siemens SCALANCE W1750D (ICSA-19-134-07) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on command injection, information exposure, and cross-site scripting vulnerabilities in Siemens SCALANCE W1750D. All versions prior to 8.4.0.1 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session. Siemens recommends users upgrade to Version 8.4.0.1 or later.

Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network (ICSA-19-134-06) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper input validation vulnerability in Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition. Siemens recommends users upgrade to NXGpro control. The NCCIC has also provided a series of measures to address the vulnerability. Read the advisory at NCCIC/ICS-CERT.
