You are here

Home

ics-cert

WECON Technology Co., Ltd. LeviStudio HMI Editor (ICSA-18-011-01) – Product Used in the Water and Wastewater and Energy Sectors

ICS-CERT has released an advisory on a WECON Technology Co., Ltd. LeviStudio HMI Editor vulnerability. LEVI Studio HMI Editor v1.8.29 and prior versions are affected. Successful exploitation of these vulnerabilities may result in arbitrary code execution. WECON recommends that users update to the latest version. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert wecon levi studio hmi editor

Moxa MXview (ICSA-18-011-02) – Product Used in the Energy Sector

ICS-CERT has released an advisory on a Moxa MXview vulnerability. MXview v2.8 and prior versions are affected. Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa has produced new firmware Version 2.9 for the affected devices. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert moxa

PHOENIX CONTACT FL SWITCH (ICSA-18-011-03)

ICS-CERT has released an advisory on a PHOENIX CONTACT FL SWITCH vulnerability. All FL SWITCH 3xxx, 4xxx, and 48xxx products running firmware Version 1.0 to 1.32 are affected. Successful exploitation of these vulnerabilities may allow an unauthenticated remote attacker to gain administrative privileges and expose information to unauthenticated users. PHOENIX CONTACT recommends that affected users upgrade to firmware Version 1.33 or higher. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert phoenix contact

Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers (ICSA-18-009-01) – Product Used in the Water and Wastewater Sector

ICS-CERT has released an advisory on a Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers vulnerability. Multiple versions of this product are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unresponsive to Modbus TCP communications and affect the availability of the device. Rockwell Automation encourages affected users to upgrade to the latest version of available firmware, FRN 21.003. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert rockwell automation

Delta Electronics Delta Industrial Automation Screen Editor (ICSA-18-004-01)

ICS-CERT has released an advisory on a Delta Electronics Delta Industrial Automation Screen Editor vulnerability. Versions 2.00.23.00 and prior are affected. Successful exploitation of these vulnerabilities may allow an attacker to remotely execute arbitrary code. Delta Electronics recommends affected users update to the latest version of DOPSoft Version 2. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert delta electronics

Siemens SIPROTEC 4 and SIPROTEC Compact (Update E) (ICSA-17-187-03E) – Product Used in Energy Sector – Updated January 4, 2018

January 4, 2018
 
ICS-CERT has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.
 
November 30, 2017
 
Tags: 
ics-cert siemens siprotec 4 siprotec compact energy sector

Schneider Electric Pelco VideoXpert Enterprise (ICSA-17-355-02)

ICS-CERT has released an advisory on a Schneider Electric Pelco VideoXpert Enterprise vulnerability. All versions prior to 2.1 are affected. Successful exploitation of these vulnerabilities may allow an authorized user to gain system privileges or an unauthorized user to view files. Schneider Electric has released firmware Version 2.1 for VideoXpert to address these vulnerabilities. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Tags: 
ics-cert schneider electric

Moxa Nport W2150A and W2250A (ICSA-17-355-01)

ICS-CERT has released an advisory on a Moxa Nport W2150A and W2250A vulnerability. Versions prior to 1.11 in both products are affected. Successful exploitation of this vulnerability could allow unauthorized access. Moxa has produced new firmware Version 2.1 for the affected devices. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.

Tags: 
ics-cert moxa

Siemens LOGO! Soft Comfort (ICSA-17-353-04)

ICS-CERT has released an alert on a Siemens LOGO! Soft Comfort vulnerability. All versions of LOGO! Soft Comfort prior to V8.2 are affected. Successful exploitation of this vulnerability could allow a remote attacker in a privileged network position to manipulate a software package during download. Siemens removed the Update Center from LOGO! Soft Comfort V8.2 and provides SHA-256 checksums for all LOGO! Soft Comfort software packages via a secured HTTPS channel.

Tags: 
ics-cert siemens

Pages

Subscribe to ics-cert