ics-cert

OSIsoft PI Vision (ICSA-18-072-03)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Vision. PI Vision versions 2017 and prior are affected. Successful exploitation of these vulnerabilities could allow remote code execution and expose information. OSIsoft recommends that users upgrade to PI Vision 2017 R2 Update 1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert OSIsoft

OSIsoft PI Data Archive (ICSA-18-072-02)

The NCCIC has released an advisory on vulnerabilities in OSIsoft PI Data Archive. OSIsoft PI Data Archive versions 2016 R2 and prior are affected. Successful exploitation of these vulnerabilities could cause loss of network access to the device or allow escalated privileges that may result in gaining full control of the PI Data Archive server. OSIsoft recommends that customers upgrade to PI Data Archive 2017 R2. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert OSIsoft

Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices Using the EN100 Ethernet Communication Module Extension (ICSA-18-067-02)

ICS-CERT has released an advisory on vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension. Numerous versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities. For EN100 Ethernet module IEC 61850 variant (all versions prior to V4.30), Siemens recommends users update to V4.30.

Tags: 
ics-cert siemens

Eaton ELCSoft (ICSA-18-065-03) – Product Used in the Energy Sector

ICS-CERT has released an advisory on an Eaton ELCSoft vulnerability. ELCSoft versions 2.04.02 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. Eaton has released new firmware for ELCSoft. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert eaton

Schneider Electric SoMove Software and DTM Software (ICSA-18-065-02)

ICS-CERT has released an advisory on a Schneider Electric SoMove Software and DTM Software vulnerability. Numerous versions of this product are affected. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. Schneider Electric has provided updates for the affected software packages. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Hirschmann Automation and Control GmbH Classic Platform Switches (ICSA-18-065-01)

ICS-CERT has released an advisory on a Hirschmann Automation and Control GmbH Classic Platform Switches vulnerability. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow the attacker to hijack web sessions, impersonate a legitimate user, receive sensitive information, and gain access to the device. Hirschmann strongly recommends users restrict remote management access and apply a series of mitigation measures.

Delta Electronics Delta Industrial Automation DOPSoft (ICSA-18-060-03)

ICS-CERT has released an advisory on a Delta Electronics Delta Industrial Automation DOPSoft vulnerability. Delta Industrial Automation DOPSoft versions 4.00.01 and prior are affected. Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash; a buffer overflow condition may allow remote code execution. Delta Electronics recommends affected users update to the latest version of DOPSoft, Version 4.00.04. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Moxa OnCell G3100-HSPA Series (ICSA-18-060-02)

ICS-CERT has released an advisory on a Moxa OnCell G3100-HSPA vulnerability. OnCell G3100-HSPA series versions 1.4 build 16062919 and prior are affected. Successful exploitation of these vulnerabilities may allow an attacker to remotely execute code on the device. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. Moxa has released new firmware for OnCell G3100-HSPA. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert moxa

Siemens SIMATIC, SIMOTION, and SINUMERIK (ICSA-18-060-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a Siemens SIMATIC, SIMOTION, and SINUMERIK vulnerability. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could result in execution of arbitrary code, extended privileges, and unauthenticated access to sensitive data. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms.

Tags: 
ics-cert siemens

Emerson ControlWave Micro Process Automation Controller (ICSA-18-058-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on an Emerson ControlWave Micro Process Automation Controller vulnerability. Versions 05.78.00 and prior are affected. Exploitation may cause a halt of Ethernet functionality, requiring a cold start to restore the system as well as communications related to ControlWave Designer access. This may result in a loss of system availability and disruption in communications with other connected devices. Emerson has offered a list of recommendations to address this vulnerability.

Tags: 
ics-cert emerson
