AI Assurance in UK Defence: Challenges in Operationalising JSP 936

This report examines practical challenges in operationalising JSP 936 Part 1 for AI assurance in UK Defence. Using a structured interpretive review of the directive's requirements, the analysis identifies eight thematic challenge areas adequacy of evidence and argument, management of human...

Authentication flaw

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from...

DNP3 Implementation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, reported an improper input...

GE MultiLink Series Hard-coded Credential Vulnerability

OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

OVERVIEW Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens...

Honeywell Experion PKS Directory Traversal Vulnerability

OVERVIEW Independent researcher Joel Langill identified a directory traversal vulnerability in Honeywell’s Experion PKS application. This vulnerability exists in all unsupported phased out versions of the application that is still in use by some customers. Honeywell has recommended users of the...

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

Siemens WinCC 7.0 SP3 Multiple Vulnerabilities

Overview This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has...