Emerson DeltaV Uncontroller Resource Consumption Vulnerability

Overview This advisory was originally posted to the US-CERT secure portal library on February 22, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Emerson DeltaV MD and SD controllers. Independent researcher...

Siemens WinCC Exploitable Crashes

Overview ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from independent security researchers Billy Rios and Terry...

OSIsoft Multiple Vulnerabilities

OVERVIEW OSIsoft has identified multiple vulnerabilities in the PI Interface for IEEE C37.118 and reported them to ICS-CERT. OSIsoft has produced a software update that mitigates these vulnerabilities. OSIsoft has tested the software update to validate that it resolves the vulnerabilities...

Alstom Grid S1 Agile Improper Authorization

OVERVIEW This advisory provides mitigation details for a vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software. Note: Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This advisory only...

GE Proficy HMI/SCADA Cimplicity Integer Overflow

OVERVIEW This updated advisory is a follow-up to the original ICS-CERT Advisory titled ICSA-12-341-01P—GE PROFICY HMI/SCADA CIMPLICITY INTEGER OVERFLOW that was published December 06, 2012, to the US-CERT secure Portal library. Researcher Kuang-Chun Hung of Information and Communication Security...

RuggedCom Weak Cryptography for Password Vulnerability

Overview --------- Begin Update A Part 1 of 2 -------- This is an update to the original advisory titled ICSA-12-146-01—RuggedCom Weak Cryptography for Password Vulnerability that was published May 25, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke identified a default...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

#StopRansomware: Akira Ransomware

Actions to take today to mitigate cyber threats from Akira ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Regularl...

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

EuroTel ETL3100 Radio Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : EuroTel Equipment : ETL3100 Vulnerabilities : Improper Restriction of Excessive Authentication Attempts, Authorization Bypass Through User-Controlled Key,...

Siemens SINEC INS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency NSA, the U.S. Federal Bureau of Investigation FBI, the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Japan National Police Agency NPA, and the Japan National Center of Incident Readiness and Strategy for Cybersecurity...

Delta Electronics InfraSuite Device Master

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Delta Electronics ​Equipment: InfraSuite Device Master ​Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of these...

Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Public exploits are available Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Products Vulnerabilities: Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Industrial Control Links ScadaFlex II SCADA Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this...

Siemens Brownfield Connectivity Gateway

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current...

Schneider Electric APC Easy UPS Online

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...

Siemens SCALANCE Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINEC Network Management System Logback Component

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...

Cognex 3D-A1000 Dimensioning System

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Cognex Equipment: 3D-A1000 Dimensioning System Vulnerabilities: Missing Authentication for Critical Function, Improper Output Neutralization for Logs, Client-side Enforcement of Server-side Security 2...

Carrier LenelS2 HID Mercury access panels

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier LenelS2 Equipment: HID Mercury access panels sold by LenelS2 Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection 2...

Keysight N6854A Geolocation server and N6841A RF Sensor software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote...

Hitachi ABB Power Grids System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: Hitachi ABB Power Grids Equipment: System Data Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to sensitive...

Sensormatic Electronics KT-1

1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...

Siemens SIMATIC and TIM

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC, TIM Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability allows an unauthenticated attacker to read PLC variables from...

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in...

Schneider Electric SoMachine Basic

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SoMachine Basic Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may result in...

Hamilton-T1

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Low skill level to exploit Vendor: Hamilton Medical AG Equipment: Hamilton-T1 Vulnerabilities: Use of Hard-coded Credentials, Missing XML Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers with physical...

NEXCOM NIO50

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NEXCOM Equipment: NIO 50 Vulnerabilities: Improper Input Validation, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Publicly Available Tools Seen in Cyber Incidents Worldwide

Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.12345 In it we highlight the use of five publicly available tools, which have been used for malicious purposes in...

PSI GridConnect Telecontrol

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PSI GridConnect GmbH formerly known as PSI Nentec GmbH Equipment: Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy Vulnerability: Cross-site Scripting 2. RISK EVALUATION...

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read...

WECON LeviStudioU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Memory Corruption 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

ICSA-18-345-01 McAfee SINAMICS PERFECT HARMONY GH180

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: McAfee Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Improper Access Control 2. RISK EVALUATION These files can be executed to compromise the HMI, and by extension, the drive system. 3. TECHNICAL DETAILS...

Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Billy Rios has identified an improper authorization vulnerabilit...

Schneider Electric U.motion Builder

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: U.motion Builder Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...

GE MDS PulseNET and MDS PulseNET Enterprise

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities: Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal 2. RISK EVALUATION...

Siemens LOGO! Soft Comfort

CVSS v3 5.9 ATTENTION: Remotely exploitable. Vendor: Siemens Equipment: LOGO! Soft Comfort Vulnerability: Download of Code without Integrity Check AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following LOGO! Soft Comfort engineering software products: LOGO! Soft Comfort: A...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of InduSoft Web Studio and...

Detcon SiteWatch Gateway

CVSS v3 9.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Detcon Equipment: SiteWatch Gateway Vulnerabilities: Improper Authentication, Plaintext Storage of a Password AFFECTED PRODUCTS The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are...

ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability

OVERVIEW This advisory was originally posted to the NCCIC Portal on March 23, 2017, and is being released to the ICS-CERT web site. Marc Ruef and Rocco Gagliardi of scip AG have identified an open redirect vulnerability in B. Braun Medical’s SpaceCom module, which is integrated into the...

Geutebrück IP Cameras

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Authentication Bypass and Improper Neutralization of Special Elements AFFECTED PRODUCTS The following Geutebrück G-Cam IP camera version is affected: G-Cam/EFD-2250...

Tesla Gateway ECU Vulnerability

OVERVIEW Tencent’s Keen Security Lab has identified a Gateway ECU vulnerability in Tesla Motors Inc.’s Tesla Model S automobile. Tesla has produced an over-the-air firmware update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following vehic...

Tollgrade Smart Grid EMS LightHouse Vulnerabilities

OVERVIEW Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.’s Smart Grid LightHouse Sensor Management System SMS Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate...

Siemens SIPROTEC Information Disclosure Vulnerabilities (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : SIPROTEC 4 and SIPROTEC Compact Vulnerabilities : Information Exposure 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-140-02...

GE and MACTek HART Device DTM Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper...

Moxa OnCell Central Manager Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...