DNP3 Implementation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, reported an improper input...

ICSA-18-226-01 Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable locally/low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 TIA Portal and SIMATIC WinCC TIA Portal Vulnerabilities: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

Advantech WebAccess/SCADA

CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Path Traversal, SQL Injection AFFECTED PRODUCTS The following versions of WebAccess/SCADA, a SCADA software platform, are affected: WebAccess/SCADA versions prior ...

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...

JanTek JTC-200

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication AFFECTED PRODUCTS The following versions of JTC-200, a TCP/IP converter, are affected:...

Fuji Electric Monitouch V-SFT

CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Stack-Based Buffer Overflow, Heap-Based Buffer Overflow, Improper Privilege Management AFFECTED PRODUCTS The following versions of Monitouch V-SFT, a screen...

Siemens SIMATIC Logon

CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Logon Vulnerability: Out-of-Bounds Write AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SIMATIC Logon products: SIMATIC Logon: All versions prior to V1.6 IMPA...

Siemens Viewport for Web Office Portal

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...

ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls UPDATED INFORMATION This updated advisory is a follow-up to the...

Siemens SIMATIC CP 44x-1 Redundant Network Access Modules

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC CP 44x-1 Redundant Network Access RNA modules Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs t...

Digital Canal Structural Wind Analysis

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Wind Analysis, a structural engineering software platform, are affected: Wind...

Moxa OnCell

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Plaintext Storage of a Password, and Cross-Site Request Forgery AFFECTED PRODUCTS The following versions of OnCell, a...

PHOENIX CONTACT mGuard

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerabilities: Resource Exhaustion, Improper Authentication AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 8.3.0 to 8.4....

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

CyberVision Kaa IoT Platform

CVSS v3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: CyberVision Equipment: Kaa IoT Platform Vulnerability: Code Injection AFFECTED PRODUCTS The following version of Kaa IoT Platform, a middleware platform, is affected: Kaa IoT Platform, Version 0.7.4, and possibly othe...

Schneider Electric Conext ComBox

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Conext ComBox Vulnerability: Resource Exhaustion AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following Conext ComBox solar battery monitor: Conext...

GE SNMP/Web Interface Vulnerabilities

OVERVIEW Independent researcher Karn Ganeshen has identified two vulnerabilities in the GE SNMP/Web Interface adapter. GE has produced a new firmware version to mitigate the identified vulnerabilities in later model devices. Earlier model SNMP/Web Interface adapters may need to be upgraded to...

ICS-CERT Report Grim Reminder of State of Critical Infrastructure Security

U.S. critical infrastructure got another reminder this week that it needs to do more to protect itself from cyber attacks with the release of an annual government report. The NCCIC/ICS-CERT FY 2015 Annual Vulnerability Coordination Report points out that nagging issues continue to plague industri...

Emerson Liebert SiteScan XML External Entity Vulnerability

OVERVIEW Researcher Evgeny Ermakov from Kaspersky Lab has identified an XML External Entity XXE vulnerability affecting Emerson’s Liebert SiteScan application. Emerson has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

The Siemens power monitoring system there are two information disclosure security vulnerability-vulnerability warning-the black bar safety net

Positive Technologies security experts to review Siemens SICAM PASpower automation systemafter the solution is found, Siemens SICAM PAS, the presence of two information disclosure VulnerabilityCVE-2 0 1 6-5 ! Security experts to the West door company to report a safety issue, Siemens immediately...