ics-cert

ICS-CERT has released an advisory on a 3S-Smart Software Solutions GmbH CODESYS Web Server vulnerability. All Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19, are affected. Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash, resulting in a buffer overflow condition that may allow remote code execution.

ICS-CERT has released an advisory on a Gemalto Sentinel License Manager vulnerability. All HASP SRM, Sentinel HASP, and Sentinel LDK products prior to Sentinel LDK RTE 7.55 are affected. Successful exploitation of these vulnerabilities could lead to remote code execution or cause a denial-of-service condition, rendering the Sentinel LDK License Manager service unavailable.

ICS-CERT has released an advisory on a Siemens TeleControl Server Basic vulnerability. Versions prior to V3.1 are affected. Successful exploitation of these vulnerabilities could allow for escalation of privileges to perform administrative actions. Siemens recommends that users install the latest version of TeleControl Server Basic. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

ICS-CERT has released an advisory on a Nari PCS-9611 vulnerability. All versions of the PCS-9611 relay, a control and monitoring unit, are affected. Successful exploitation of this vulnerability could allow a remote attacker arbitrary read/write abilities on the system. NCCIC has reached out to Nari and CNCERT but has not received a response. In the meantime, ICS-CERT recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.