You are here

Home

ics-cert

PEPPERL+FUCHS/ecom Instruments WLAN Capable Devices Using the WPA2 Protocol (ICSA-17-353-02)

ICS-CERT has released an alert on a PEPPERL+FUCHS/ecom instruments vulnerability. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to operate as a “man-in-the-middle” between the device and the wireless access point. For some of the products, PEPPERL+FUCHS/ecom instruments is still working on fixes for the vulnerabilities. For devices running Windows, the company recommends users apply a security update provided by Microsoft.

Tags: 
ics-cert pepperl+fuchs/ecom instruments

ABB Ellipse (ICSA-17-353-01) – Product Used in the Energy Sector

ICS-CERT has released an alert on an ABB Ellipse vulnerability. The vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). Successful exploitation of this vulnerability could allow an attacker to discover authentication credentials by sniffing the network traffic. ABB has released several product updates to mitigate the vulnerability. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert abb

WECON Technology Co., Ltd. LeviStudio HMI (ICSA-17-353-05) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on a WECON Technology Co., Ltd. LeviStudio HMI vulnerability. All versions of LeviStudio HMI are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution. WECON recommends that users update to the latest version. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert wecon

Ecava IntegraXor (ICSA-17-353-03) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an alert on an Ecava IntegraXor vulnerability. Versions of Ecava IntegraXor v.6.1.1030.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the database or generate an error in the database log. Ecava recommends that users of affected IntegraXor versions update to version 6.1.1215.0 or newer. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert ecava

WAGO PFC200 (ICSA-17-341-01)

ICS-CERT has released an alert on an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. The vulnerability is exploitable by sending a TCP payload on the bound port. ICS-CERT has notified WAGO of the report and has asked it to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

Tags: 
ics-cert wago

Xiongmai Technology IP Cameras and DVRs (ICSA-17-341-01)

ICS-CERT has released an alert on a Xionmai Technology IP cameras and DVRs vulnerability. All IP cameras and DVRs using the NetSurveillance Web interface are affected. Successful exploitation of this vulnerability could cause the device to reboot and return to a more vulnerable state in which Telnet is accessible. Xiongmai Technology has not responded to requests to coordinate with NCCIC/ICS-CERT. ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert

Geovap Reliance SCADA (ICSA-17-334-02) – Product Used in Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Geovap Reliance vulnerability. Reliance SCADA Version 4.7.3 Update 2 and prior versions are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary JavaScript in a specially crafted URL request that may allow for read/write access. To address this vulnerability, Geovap has released Version 4.7.3 Update 3 of the software. Additionally, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of the vulnerability.

Tags: 
ics-cert geovap reliance

Siemens SWT3000 (ICSA-17-334-01) – Product Used in Energy Sector

ICS-CERT has released an advisory on a Siemens SWT3000 vulnerability. Multiple versions of this product are affected. Successful exploitation of these vulnerabilities under certain conditions may allow attackers to perform a denial-of-service attack. Siemens has provided updated firmware that fixes the vulnerabilities and recommends users update to the newest version. Additionally, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of the vulnerability.

Tags: 
ics-cert siemens

Siemens SCALANCE W1750D, M800, and S615 (ICSA-17-332-01) – Product Used in Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Siemens SCALANCE W1750D, M800, and S615 vulnerability. All versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to crash the DNS service or execute arbitrary code by crafting malicious DNS responses. Siemens reports it is preparing updates for the affected products and recommends a series of mitigations. Additionally, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of the vulnerability.

Tags: 
ics-cert siemens

PHOENIX CONTACT WLAN Capable Devices Using the WPA2 Protocol (ICSA-17-325-01)

ICS-CERT has released an advisory on a PHOENIX CONTACT WLAN capable devices using the WPA2 Protocol vulnerability. Numerous versions of these devices are affected. Successful exploitation of this vulnerability could allow an attacker to operate as a “man-in-the-middle” between a device and a wireless access point.

Tags: 
ics-cert phoenix contact

Pages

Subscribe to ics-cert