You are here

Home

nccic

Moxa MXview (ICSA-18-095-02) – Products Used in the Energy Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Moxa MXview. MXview versions 2.8 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to access and read cryptographic private keys. Moxa has developed a new version of MXview to mitigate the vulnerability. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

Tags: 
nccic ics-cert moxa

Rockwell Automation MicroLogix (ICSA-18-095-01) – Products Used in the Water and Wastewater Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation MicroLogix. MicroLogix 1400 versions FRN 21.003 and prior and MicroLogix 1100 versions FRN 16.00 and prior are affected. Successful exploitation of these vulnerabilities could cause denial of service, disclosure of sensitive information, communication loss, and modification of settings or ladder logic. Rockwell Automation has recommended a series of mitigation strategies for these vulnerabilities.

Tags: 
nccic ics-cert rockwell automation

WAGO 750 Series (ICSA-18-088-01) – Product Used in the Energy Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in WAGO 750 Series. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow a denial-of-service condition affecting the ability of the device to establish connections to commissioning and service software tools. WAGO has released new firmware addressing this vulnerability. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: 
nccic ics-cert wago

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 (ICSA-18-0086-01)

The NCCIC has released an advisory on vulnerabilities in Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200. All versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service on the device, which could result in arbitrary code execution or malicious firmware installation.

Tags: 
nccic ics-cert schneider electric

Beckhoff TwinCAT (ICSA-18-081-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Beckhoff TwinCAT. Numerous versions of these products are affected. Successful exploitation of this vulnerability could allow local attackers to escalate privileges. Beckhoff recommends users update to the newest version and recompile Matlab modules after updating. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert nccic beckhoff

Siemens SIMATIC WinCC OA UI Mobile App (ICSA-18-081-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Siemens SIMATIC WinCC OA UI Mobile App. For both Android and Apple users, all versions prior to V3.15.10 are affected. This vulnerability could be exploited by an attacker who tricks an app user to connect to a malicious WinCC OA server. Successful exploitation of this vulnerability could allow an attacker to read and write data from and to the app’s project cache folder. Siemens has provided updates to mitigate this vulnerability.

Tags: 
ics-cert nccic siemens

Pages

Subscribe to nccic