ICS-CERT has released an advisory on a WECON Technology Co., Ltd. LeviStudio HMI Editor vulnerability. LEVI Studio HMI Editor v1.8.1 and prior are affected. Successful exploitation of these vulnerabilities may result in denial of service and arbitrary code execution. WECON recommends that users update to v1.8.2. ICS-CERT.
ICS-CERT has released an advisory on an Envitech Ltd. EnviDAS Ultimate vulnerability. Versions prior to v1.0.0.5 are affected. Successful exploitation of this vulnerability could allow an attacker to view and edit settings without authenticating and execute code remotely. Envitech Ltd., recommends that users of affected versions update to the latest version of v1.0.0.5 or newer. ICS-CERT.
ICS-CERT has released an advisory on a Siemens BACnet Field Panels vulnerability. All versions prior to V3.5 of APOGEE PXC BACNet Automation Controllers and all versions prior to V3.5 of TALON TC BACnet Automation Controllers are affected. Successful exploitation of these vulnerabilities could allow unauthenticated attackers with access to the integrated webserver to download sensitive information. Siemens has provided firmware Version V3.5 for BACnet Field Panels Advanced modules, which fixes the vulnerabilities, and they recommend that users update to the new fixed version.
ICS-CERT has released an advisory on a JanTek JTC-200 vulnerability. All versions of JTC-200 are affected. Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, assume the authenticated user’s identity, and gain privileges or access to the system. JanTek will not be developing mitigations for the vulnerabilities affecting JTC-200 as it is developing a JTC-300 model scheduled for release near the end of 2017.
ICS-CERT has released an advisory on a LAVA Computer MFG Inc. Ether-Serial Link vulnerability. Versions 6.01.00/29.03.2007 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, assume the authenticated user’s identity, and gain privileges or access to the system. As LAVA Computer MFG Inc. has not responded to requests to work with ICS-CERT to mitigate this vulnerability, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
October 12, 2017
ICS-CERT has updated this advisory with mitigation details. ICS-CERT.
ICS-CERT has released an advisory on a Siemens 7KT PAC1200 Data Manager vulnerability.
ICS-CERT has released an advisory on an iniNet Solutions GmbH SCADA Webserver vulnerability. All versions prior to V2.02.0100 are affected. Successful exploitation of this vulnerability could allow malicious users to access human-machine interface (HMI) pages or to modify programmable logic controller (PLC) variables without authentication. IniNet Solutions GmbH has released a new version of the SCADA Webserver, V2.02.0100, which allows users to implement basic authentication. ICS-CERT.
ICS-CERT has released an advisory on a Digium Asterisk GUI vulnerability. Asterisk GUI 2.1.0 and prior are affected. Successful exploitation of this vulnerability could cause an authenticated attacker to execute arbitrary code on the device. Asterisk GUI is no longer maintained and should not be used. Digium recommends affected users to migrate to Digium’s SwitchVox product. ICS-CERT.
ICS-CERT has released an advisory on a Saia Burgess Controls PCD Controllers vulnerability. PCD firmware versions prior to 1.28.16 or 1.24.69 are affected. Successful exploitation of this vulnerability could allow an attacker to obtain information in memory. Saia Burgess Controls strongly recommends that users update to the latest versions of firmware, Version 1.28.16 or 1.24.69. ICS-CERT.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
