ics-cert

Rockwell Automation Stratix Industrial Managed Ethernet Switch (ICSA-18-107-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix Industrial Managed Ethernet Switch. Allen-Bradley Stratix 8300 Industrial Managed Ethernet Switches, versions 15.2(4a)EA5 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation has released knowledge base article 1073315 and recommends implementing a series of mitigations.

Rockwell Automation Stratix and ArmorStratix Switches (ICSA-18-107-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix and ArmorStratix Switches. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Rockwell Automation recommends users upgrade to FRN 15.2(6)E1 or later.

Rockwell Automation Stratix Services Router (ICSA-18-107-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation Stratix Services Router. Allen-Bradley Stratix 5900 Services Router, versions 15.6.3M1 and earlier, are affected. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.

Schneider Electric InduSoft Web Studio and InTouch Machine Edition (ICSA-18-107-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Schneider Electric InduSoft Web Studio and InTouch Machine Edition. InduSoft Web Studio v8.1 and prior versions and InTouch Machine Edition 2017 v8.1 and prior versions are affected. Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges, could completely compromise the device.

Yokogawa CENTUM and Exaopc (ICSA-18-102-01) – Products Used in the Energy Sector

The NCCIC/ICS-CERT has released an advisory on a vulnerability in Yokogawa CENTUM series and Exaopc. Multiple versions of this product are affected. Successful exploitation of this vulnerability could allow a local attacker to generate false system or process alarms, or block system or process alarm displays. Yokogawa has produced mitigations for the affected products. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Omron CX-One (ICSA-18-100-02)

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Omron CX-One. Multiple versions of this product are affected. Successful exploitation of these vulnerabilities could allow remote code execution. Omron has released an updated version of CX-One to address the reported vulnerabilities. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: 
nccic ics-cert omron

ATI Systems Emergency Mass Notification Systems (ICSA-18-100-01)

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in ATI’s Emergency Mass Notification System. The HPSS16, HPSS32, MHPSS, and ALERT 400 devices are affected. An improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. ATI has created a patch which adds additional security features to the command packets sent over the radio. Additionally, ATI recommends that, where feasible, simple voice radios be replaced with digital P-25 (APCO) radios, which provide highly secure encrypted links.

Tags: 
nccic ics-cert

LCDS Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA (ICSA-18-095-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC/ICS-CERT has released an advisory on a vulnerability in LCDS Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. LAquis SCADA software versions 4.1.0.3391 and prior are affected. Successful exploitation of this vulnerability could cause the device an attacker is accessing to crash, resulting in a structured exception handler overflow condition, which may allow code execution. LCDS recommends that users update to version 4.1.0.3774. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Moxa MXview (ICSA-18-095-02) – Products Used in the Energy Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Moxa MXview. MXview versions 2.8 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to access and read cryptographic private keys. Moxa has developed a new version of MXview to mitigate the vulnerability. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: 
nccic ics-cert moxa

Rockwell Automation MicroLogix (ICSA-18-095-01) – Products Used in the Water and Wastewater Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Rockwell Automation MicroLogix. MicroLogix 1400 versions FRN 21.003 and prior and MicroLogix 1100 versions FRN 16.00 and prior are affected. Successful exploitation of these vulnerabilities could cause denial of service, disclosure of sensitive information, communication loss, and modification of settings or ladder logic. Rockwell Automation has recommended a series of mitigation strategies for these vulnerabilities.
