Siemens SICAM RTU Devices Denial-of-Service Vulnerability

OVERVIEW Stephan Beirer, Markus Mahrla, Toralf Gimpel, and Sebastian Krause, from GAI NetConsult GmbH, and Adam Crain of Automatak LLC have identified a denial-of-service vulnerability in Siemens SICAM products. Siemens has produced a firmware update to mitigate this vulnerability. This...

KMC Controls Conquest BACnet Router Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Ashish Kamble of Qualys Security and Eireann Leverett have identified authentication, denial of service, and cross-site scripting vulnerabilities in GarrettCom’s Magnum 6k and Magnum 10k product lines. GarrettCom has produced new firmware versions to mitigate these vulnerabilities. Ashis...

Siemens WinCC 7.0 SP3 Multiple Vulnerabilities

Overview This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has...

ClearSCADA Remote Authentication Bypass

Overview ICS-CERT originally released Advisory ICSA-11-173-01P “ClearSCADA Remote Authentication Bypass”, on the US-CERT Portal on June 22, 2011. This web page release was delayed to allow users sufficient time to download and install this update. Independent security researcher Jeremy Brown has...

Schneider Electric Quantum Ethernet Module Hard-Coded Credentials

OVERVIEW --------- Begin Update B Part 1 of 3 -------- This updated advisory is a follow-up to the updated advisory titled ICSA-12-018-01A Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on June 04, 2013, on the ICS-CERT Web site. It is also a follow-up to the...

Cisco Network Building Mediator

Overview Cisco has identified multiple security vulnerabilitiesCisco, http://www.cisco.com/en/US/products/productssecurityadvisory09186a0080b2c518.shtml, website last visited May 27, 2010. in the Cisco Network Building Mediator NBM products. These vulnerabilities also affect the legacy...

MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : MachineSense LLC. Equipment : MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Actions to take today to harden your internal environment to mitigate follow-on activity after initial access. 1. Use phishing-resistant multi-factor authentication MFA for all administrative access. 2. Verify the implementation of appropriate hardening measures, and change, remove, or deactivate...

Baker Hughes Bently Nevada 3500

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Baker Hughes - Bently Nevada Equipment : Bently Nevada 3500 System Vulnerabilities : Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive...

Iagona ScrutisWeb

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous...

Siemens Mendix Email Connector

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Email Connector Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to read and...

Emerson Proficy Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Emerson Equipment: Proficy Machine Edition Vulnerabilities: Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of...

Siemens Opcenter Quality

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Opcenter Quality Vulnerability: Incorrect Implementation of Authentication Algorithm. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated...

Emerson DeltaV Distributed Control System

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable on adjacent network/high attack complexity Vendor: Emerson Equipment: DeltaV Distributed Control System Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data...

Motorola Solutions MOSCAD IP and ACE IP Gateways

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...

FATEK Automation WinProladder

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: WinProladder Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these...

Siemens SINAMICS Medium Voltage Products Telnet (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 3 --------- CVSS v3 8.1 --------- End Update A Part 1 of 3 --------- ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINAMICS Medium Voltage Products Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION...

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

Summary The Federal Bureau of Investigation FBI, Department of Homeland Security DHS, and Cybersecurity and Infrastructure Security Agency CISA assess Russian Foreign Intelligence Service SVR cyber actors—also known as Advanced Persistent Threat 29 APT 29, the Dukes, CozyBear, and Yttrium—will...

Rockwell Automation FactoryTalk Linx

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of...

ICSA-20-035-01_AutomationDirect C-More Touch Panels

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AutomationDirect Equipment: C-More Touch Panels EA9 Series Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

Siemens SCALANCE W700 and W1700

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SCALANCE W700 and W1700 Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could...

ABB CMS-770

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: CMS-770 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read sensitive...

Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Vulnerabilities: Improper Input Validation, Use of Hard Coded Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...

Envitech Ltd. EnviDAS Ultimate

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Envitech Ltd. Equipment: EnviDAS Ultimate Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of EnviDAS Ultimate, a web application for environmental monitoring, are affected: EnviDAS...

Siemens SIPROTEC 4 and SIPROTEC Compact (Update B)

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...

NXP i.MX Product Family

CVSS v3 6.0 REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The following i.MX Devices, used on logic boards, are affected: Devices affected by the Stack Buffer Overflow...

Schneider Electric VAMPSET

CVSS v3 5.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: VAMPSET Vulnerability: Memory Corruption AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products: VAMPSET, versions prior ...

Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure UPDATE INFORMATION This updated...

Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities

OVERVIEW This advisory was originally posted to the NCCIC Portal library on December 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Alexey Osipov and Ilya Karpov of Positive Technologies have identified vulnerabilities in Rockwell Automation’s Allen-Bradley MicroLogix 1100 and 140...

Environmental Systems Corporation Data Controllers Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...

IRZ RUH2 3G Firmware Overwrite Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-138-01 iRZ RUH2 3G Firmware Overwrite Vulnerability that was published May 17, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT has identified a firmware overwrite vulnerability in iRZ’s RUH2 device. iRZ has...

Honeywell Uniformance PHD Denial Of Service (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-070-02 Honeywell Uniformance PHD Denial of Service that was published April 12, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 5 -------- Honeywell has identified a buffer overflow...

Accuenergy Acuvim II Series AXM-NET Module Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified authentication bypass vulnerabilities in Accuenergy’s Acuvim II Series AXM-NET module. Accuenergy has produced guidelines to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following...

Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-300-03 Rockwell Automation MicroLogix 1100 and 1400 PLC Systems Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site. Ilya Karpov of Positive Technologies, David Atch of CyberX, an...

Schneider Electric ProClima Command Injection Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning command injection vulnerabilities in Schneider Electric’s ProClima software package. These vulnerabilities were reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc...

Emerson DeltaV Multiple Vulnerabilities

Overview ICS-CERT originally released Advisory ICSA-12-138-01P to the US-CERT secure portal on May 17, 2012, and released Update A on May 21, 2012. This web page release including Update A was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Securi...

Campbell Scientific CSI Web Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Campbell Scientific Equipment : CSI Web Server Vulnerabilities : Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

FXC AE1021/AE1021PE

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : FXC Equipment : AE1021, AE1021PE Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

Rockwell Automation Stratix 5800 and Stratix 5200 (UPDATE A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity/known public exploitation Vendor : Rockwell Automation Equipment : Stratix 5800 and Stratix 5200 Vulnerabilities : Unprotected Alternate Channel, OS Command Injection 2. RISK EVALUATION Successful...

SDG PnPSCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...

BirdDog Cameras & Encoders

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: BirdDog Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Siemens OPC Foundation Local Discovery Server Affecting Siemens Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SCALANCE Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINEC INS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing...

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...

AutomationDirect Stride Field I/O

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Stride Field I/O Vulnerability: Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Circutor COMPACT DC-S BASIC

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Circutor Equipment: COMPACT DC-S BASIC Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition resulting in...