GE Proficy CIMPLICITY-IPM
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: GE Equipment: Proficy CIMPLICITY Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve both code execution and local privilege escalation. 3. TECHNICAL DETAILS 3.1...
Hillrom Welch Allyn Cardio Products
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn Cardio Products Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...
Hitachi Energy PCM600 Update Manager
1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Hitachi Energy Equipment: PCM600 Update Manager Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass the certificate validation and install an untrusted software...
Siemens SIMATIC RTLS Locating Manager
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Insertion of Sensitive Information into Log File, Cleartext Storage of Sensitive Information, Improper Input Validation 2. RISK EVALUATION Successful...
B. Braun Infusomat Space Large Volume Pump
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: B. Braun Melsungen AG Equipment: Infusomat Space Large Volume Pump Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...
Siemens Desigo CC Family
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC Family Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
Siemens Automation License Manager
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Automation License Manager Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition, preventing legitimate...
Siemens SINUMERIK Integrate Operate Client
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINUMERIK Integrate Operate Client Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to spoof any SSL server...
Siemens SIMATIC RFID (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC RF Products Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-159-13 Siemens SIMATIC RFID Readers...
Ransomware Activity Targeting the Healthcare and Public Health Sector
Summary This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® version 7 framework. See the ATT&CK for Enterprise version 7 f...
ABB System 800xA Information Manager
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: System 800xA Information Manager Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute...
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
ABB Relion 650 and 670 Series
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Relion 650 and 670 Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to reboot the device,...
GE Mark VIe, EX2100e, EX2100e
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Mark VIe, EX2100e, EX2100eReg, and LS2100e Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access system data, which could result...
Moxa MXview
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Moxa Equipment: MXview Vulnerabilities: Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to access and read cryptographic...
ABB Ellipse
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: Ellipse Vulnerability: Unprotected Transport of Credentials AFFECTED PRODUCTS ABB reports that the vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse...
GEOVAP Reliance SCADA
CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GEOVAP Equipment: Reliance SCADA Vulnerability: Cross-site Scripting AFFECTED PRODUCTS The following versions of Reliance SCADA, a software management platform, are affected: Reliance SCADA Version 4.7.3 Update 2 and...
ICSMA-17-292-01_Boston Scientific ZOOM LATITUDE PRM Vulnerabilities
OVERVIEW Researchers Jonathan Butts and Billy Rios of Whitescope have identified two vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor PRM – Model 3120. Boston Scientific has provided compensating controls to reduce the risk of exploitation. AFFECTED PRODUCTS The...
Saia Burgess Controls PCD Controllers
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Saia Burgess Controls Equipment: PCD Controllers Vulnerability: Information Exposure REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on August 22, 2017, and is being released to the...
Digium Asterisk GUI
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digium Equipment: Asterisk GUI Vulnerability: Improper Neutralization of Special Elements used in an OS Command AFFECTED PRODUCTS The following versions of Asterisk GUI, a framework for configuring graphical user...
Moxa SoftNVR-IA Live Viewer
CVSS v3 7.2 Vendor: Moxa Equipment: SoftNVR-IA Live Viewer Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected: SoftNVR-IA Live Viewer, Version...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following versions of IntegraXor, a web SCADA/HMI solution, are affected: IntegraXor Versions 5.2.1231.0 and prior. IMPACT Successful...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability
OVERVIEW David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers IEEE conformance issue involving improper frame padding in Schneider Electric’s Telvent SAGE 2300 and 2400 remote terminal units RTUs. Schneider...
MICROSYS PROMOTIC Memory Corruption Vulnerability
OVERVIEW Security researcher Praveen Darshanam of Versa Networks has identified a memory corruption vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS has produced a new version to mitigate this vulnerability. The researcher has tested the new version to validate that it...
FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
OVERVIEW A researcher working with Trend Micro’s Zero Day Initiative ZDI has identified a stack-based buffer overflow vulnerability in FATEK Automation's PLC WinProladder application. Fatek Automation Fatek has not produced an update to mitigate this vulnerability. ZDI has coordinated with...
Vanderbilt Industries Siemens IP CCTV Cameras Vulnerability
OVERVIEW Siemens reports that there is a vulnerability in Siemens-branded IP cameras from Vanderbilt Industries. Vanderbilt has released updates to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the...
Smiths Medical CADD-Solis Medication Safety Software Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Smiths Medical has reported two vulnerabilities in Smiths Medical’s CADD-Solis Medication Safety Software that were identified by Andrew...
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-182-02A Siemens SICAM PAS Vulnerabilities that was published November 29, 2016, on the NCCIC/ICS-CERT web site. Positive Technologies’ Ilya Karpov and Dmitry Sklyarov have identified two vulnerabilities in the...
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities
OVERVIEW Siemens reports that they have released a firmware update for SIPROTEC 4 and SIPROTEC Compact devices to mitigate authentication bypass and resource exhaustion vulnerabilities. Kirill Nesterov and Anatoly Katushin from Kaspersky Lab reported some of these vulnerabilities directly to...
Rockwell Automation FactoryTalk EnergyMetrix Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 21, 2016, and is being released to the NCCIC/ICS-CERT web site. Rockwell Automation has identified authentication vulnerabilities in the FactoryTalk EnergyMetrix application. Rockwell Automation has produced...
Siemens SIMATIC S7-300 CPU Denial-of-Service Vulnerability
OVERVIEW Johannes Klick, Christian Pfahl, Martin Gebert, and Lucas Jacob from Freie Universität Berlin’s work team SCADACS have identified a Denial-of-Service DoS vulnerability in Siemens SIMATIC S7-300 CPUs. Siemens has developed mitigations for this vulnerability. This vulnerability could be...
Open Automation Software OPC Systems NET DLL Hijacking Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in Open Automation Software’s OPC Systems.NET application. Open Automation Software has reviewed the vulnerability and determined not to patch the issue at this time. This vulnerability could be exploited remote...
Eaton's Cooper Devices Improper Ethernet Frame Padding Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 22, 2015, and is being released to the ICS-CERT web site. David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers IEEE...
Yokogawa Multiple Products Buffer Overflow Vulnerabilities
OVERVIEW Yokogawa Electric Corporation has notified NCCIC/ICS-CERT of stack-based buffer overflow vulnerabilities in multiple Yokogawa products. Yokogawa has released product revisions that mitigate the vulnerabilities for many of the vulnerable products. These vulnerabilities could be exploited...
Siemens SIPROTEC Denial-of-Service Vulnerability
OVERVIEW Siemens has identified a denial-of-service vulnerability in the SIPROTEC 4 and SIPROTEC Compact devices. This vulnerability was reported directly to Siemens by Victor Nikitin from i‑Grids LLC Russia. Siemens has produced a new firmware update to mitigate this vulnerability. This...
Nordex NC2 XSS Vulnerability
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-13-304-01 Nordex NC2 – Cross-Site Scripting Vulnerability that was published October 31, 2013, on the NCCIC/ICS-CERT web site. Independent researcher Darius Freamon identified a cross-site scripting vulnerability in the Nordex...
GE Proficy HMI/SCADA DNP3 Driver Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 14, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Adam Crain of Automatak has identified an improper input validation in the DNP3 driver provided by Catapult Software...
CSWorks Software SQL Injection Vulnerability
OVERVIEW Researcher John Leitch, working with HP’s Zero Day Initiative ZDI, has identified an SQL injection vulnerability in CSWorks’ CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
Arbiter Systems Power Sentinel Denial-of-Service Vulnerability
Overview Arbiter Systems reported to ICS-CERT that a vulnerability that causes a denial of service DoS has been identified in Arbiter Systems Power Sentinel Phasor Measurement Unit. The vulnerability can be exploited remotely. Arbiter Systems has produced a patch that mitigates this vulnerability...
Siemens SIMATIC STEP 7 DLL Vulnerability
Overview Siemens has released a software update for a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. Previous versions of SIMATIC STEP 7 and PCS 7 allowed the loading of malicious DLL files into the STEP 7 project folder that can be used to attack the system on which ST...
Siemens Scalance S Multiple Security Vulnerabilities
Overview ICS-CERT has received a report from Siemens regarding two security vulnerabilities in the Scalance S Security Module firewall. This vulnerability was reported to Siemens by Adam Hahn and Manimaran Govindarasu for coordinated disclosure. The first issue is a brute-force credential guessin...
InduSoft Web Studio Vulnerabilities
Overview ICS-CERT has become aware of a report from the Zero Day Initiative concerning two vulnerabilities in the InduSoft Web Studio software. This information was reported to Zero Day Initiative by independent security researcher Luigi Auriemma. These vulnerabilities exploit unauthenticated...
Advantech/Broadwin WebAccess RPC Vulnerability
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-11-094-02A Advantech/Broadwin WebAccess RPC Vulnerability that was published November 4, 2011, on the NCCIC/ICS‑CERT Web site. --------- Begin Update B Part 1 of 5 -------- Independent security researcher Rubén...
Viessmann Climate Solutions SE Vitogate 300
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Viessmann Climate Solutions SE Equipment: Vitogate 300 Vulnerabilities: Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION...
AVTECH IP camera
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this...
PTC Creo Elements/Direct License Server (Update A)
1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...
Franklin Fueling System EVO 550/5000
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling System Equipment: EVO 550, EVO 5000 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...
Rockwell Automation ControlLogix and GuardLogix
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...