You are here

Home

nccic

Schneider Electric Floating License Manager (ICSA-18-144-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in Schneider Electric Floating License Manager. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.

Tags: 
nccic ics-cert schneider electric

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series (ICSA-18-137-02)

The NCCIC has released an advisory on command injection, information exposure, and stack-based buffer overflow vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected. Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure. PHOENIX CONTACT recommends that affected users upgrade to firmware Version 1.34 or higher.

Tags: 
nccic ics-cert phoenix contact

GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, Rxi (ICSA-18-137-01)

The NCCIC has released an advisory on an improper input validation vulnerability in GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, Rxi. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could cause the device to reboot and change its state, causing the device to become unavailable. GE has released the following firmware to mitigate the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
nccic ics-cert ge

Advantech WebAccess (ICSA-18-135-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on vulnerabilities in Advantech WebAccess. Multiple versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the host and/or target, execute arbitrary code, or delete files. Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: 
nccic ics-cert advantech

MatrikonOPC Explorer (ICSA-18-130-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on vulnerabilities in MatrikonOPC Explorer. Versions 5.0 and prior are affected.  If the attacker has local access to the system, an attacker could exploit this vulnerability. This could allow an attacker to transfer unauthorized files from the host system, which could result in unauthorized information disclosure. Matrikon has made fixes to this vulnerability in the version 5.1.0.0 update. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: 
nccic ics-cert

Rockwell Automation Arena (ICSA-18-130-02)

The NCCIC has released an advisory on a vulnerability in Rockwell Automation Arena. Versions 15.10.00 and prior are affected. Successful exploitation of this vulnerability could cause the software application to crash. Rockwell Automation encourages affected users to upgrade to the latest version of Arena software, 15.10.01 (or later). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

Tags: 
nccic ics-cert rockwell automation

Siemens Siveillance VMS Video Mobile App (ICSA-18-128-03)

The NCCIC has released an advisory about a vulnerability in Siemens Siveillance VMS Video Mobile App. For both Siveillance VMS for Android and iOS, all versions prior to V12.1a (2018 R1) are affected. Successful exploitation of this vulnerability may allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server.

Tags: 
nccic ics-cert siemens

Lantech IDS 2102 (ICSA-18-123-01)

The NCCIC has released an advisory about vulnerabilities in Lantech IDS 2102. Versions 2.0 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the system through crafting malicious input. The NCCIC reports Lantech has been unresponsive to its outreach; in the meantime, the NCCIC recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

Tags: 
nccic ics-cert

Delta Electronics PMSoft (ICSA-18-116-01)

The NCCIC has released an advisory on vulnerabilities in Delta Electronics PMSoft. All versions prior to 2.10 are affected. Successful exploitation of these vulnerabilities could cause the application to crash; stack-based buffer overflow conditions may allow arbitrary code execution. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of the vulnerabilities.

Tags: 
nccic ics-cert delta electronics

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer (ICSA-18-116-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on vulnerabilities in WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer. WECON LeviStudioU version 1.10, part of WECON LeviStudioU 1.8.29 and prior, and PI Studio HMI Project Programmer Build from November 11, 2017 to prior, are affected. Successful exploitation of these vulnerabilities could allow remote code execution. WECON recommends that users update to the latest version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of the vulnerabilities.

Tags: 
nccic ics-cert wecon

Pages

Subscribe to nccic