ics-cert

WAGO 750 Series (ICSA-18-088-01) – Product Used in the Energy Sector

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in WAGO 750 Series. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow a denial-of-service condition affecting the ability of the device to establish connections to commissioning and service software tools. WAGO has released new firmware addressing this vulnerability. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Tags: nccic ics-cert wago

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 (ICSA-18-0086-01)

The NCCIC has released an advisory on vulnerabilities in Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200. All versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service on the device, which could result in arbitrary code execution or malicious firmware installation.

Beckhoff TwinCAT (ICSA-18-081-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Beckhoff TwinCAT. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow local attackers to escalate privileges. Beckhoff recommends users update to the newest version and recompile MATLAB modules after updating. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Siemens SIMATIC WinCC OA UI Mobile App (ICSA-18-081-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a vulnerability in Siemens SIMATIC WinCC OA UI Mobile App. For both Android and Apple users, all versions prior to V3.15.10 are affected. This vulnerability could be exploited by an attacker who tricks an app user into connecting to a malicious WinCC OA server. Successful exploitation of this vulnerability could allow an attacker to read and write data from and to the app’s project cache folder. Siemens has provided updates to mitigate this vulnerability.

Geutebruck IP Cameras (ICSA-18-079-01) – Products Used in the Energy Sector

The NCCIC has released an advisory on a vulnerability in Geutebruck IP Cameras. Firmware version 1.12.0.4 of G-Cam/EFD-2250 and firmware version 3.15.1 of Topline TopFD-2125 are affected. Successful exploitation of these vulnerabilities could lead to proxy network scans, access to a database, adding an unauthorized user to the system, full configuration download including passwords, and remote code execution. Geutebrück recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19.

OSIsoft PI Web API (ICSA-18-072-04)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision API. PI Web API versions 2017 R2 and prior are affected. Successful exploitation of these vulnerabilities could allow escalated privileges and may allow remote code execution. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1 or PI AF Services 2017 R2 Update 1, which both address the PI Web API vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: ics-cert OSIsoft
