CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on April 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-101-01 FANUC ROBOGUIDE-HandlingPRO ICSA-20-212-04 Mitsubishi Electric Factory Automation...
The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems managed by KingHistorian, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems like KingHistorian, is related to type conversion errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerabilities of distributed control systems such as CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Entry Class, CENTUM VP, and CENTUM VP Entry Class, B/M9000CS, B/M9000 VP, and the OPC-server Exaopc are related to the unencrypted storage of account data. This allows attackers to exploit these vulnerabilities to gain increased privileges.
The vulnerabilities of distributed control systems such as CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Entry Class, CENTUM VP, and CENTUM VP Entry Class, B/M9000CS, B/M9000 VP, and the OPC-server Exaopc are related to unencrypted storage of account data. Exploiting these vulnerabilities can...
RoboDK
1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could...
CP Plus KVMS Pro
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: CP Plus Equipment: KVMS Pro Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the...
GE iFIX
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: iFIX Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for privilege escalation and full control of the system. 3. TECHNICAL DETAILS 3.1...
CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics'...
Exploit for OS Command Injection in Netmodule Netmodule_Router_Software
Analyzing and Reproducing the Command Injection Vulnerabilit...
Medtronic Micro Clinician and InterStim Apps
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: Micros Clinician A51200 app and InterStim X Clinician A51300 app Vulnerabilities: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the clinician...
Hitachi Energy Relion 670, 650 and SAM600-IO Series
1. EXECUTIVE SUMMARY CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, 650, and SAM600-IO Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause...
CISA Releases Two Industrial Control Systems Advisories
CISA released two (2) Industrial Control Systems (ICS) advisories on February 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are...
CISA Releases Fifteen Industrial Control Systems Advisories
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
BD Alaris Infusion Central
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2 --------- 2...
Honeypot-Factory: The Use of Deception in ICS/OT Environments
The recently published Security Navigator report of Orange Cyberdefense shows there has been a rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as...
CVE-2022-4557
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45089
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...