Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity advisory—written by the Federal Bureau of...

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FB...

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

1. EXECUTIVE SUMMARY CVSS v3 7.4 Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows...

Fuji Electric V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution on the device. 3. TECHNICAL DETAILS 3.1...

Rockwell Automation FactoryTalk Linx

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Mitsubishi Electric MELSEC iQ-R Series (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Mitsubishi Electric MELSEC iQ-R Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R series Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-324-05...

Real Time Automation EtherNet/IP

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Real Time Automation RTA Equipment: 499ES EtherNet/IP ENIP Adaptor Source Code Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Schneider Electric Interactive Graphical SCADA System (IGSS)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION...

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls Equipment: American Dynamics victor Web Client, Software House C•CURE Web Client Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation...

Paradox IP150 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Paradox Equipment: IP150 Vulnerabilities: Stack-based Buffer Overflow, Classic Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

Saia Burgess Controls PCD Controller Hard-coded Password Vulnerability

OVERVIEW Independent researcher Artyom Kurbatov has identified a hard-coded password vulnerability in Saia Burgess Controls’s family of PCD controllers. Saia Burgess Controls has produced a new firmware version to mitigate this vulnerability. Artyom Kurbatov has tested the new firmware version to...

BD Alaris 8015 PC Unit and BD Alaris Systems Manager

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: BD Alaris 8015 PC Unit and BD Alaris Systems Manager Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this...

Mitsubishi Electric MELSEC iQ-R Series

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected...

Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-315-04...

Schneider Electric PLC Simulator for EcoStruxure Control Expert

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...

ICSA-20-315-01_OSIsoft PI Interface for OPC XML-DA

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Interface Vulnerability: Numeric Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker-controlled OPC XML-DA Server to respond with a...

Siemens SCALANCE W 1750D

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W 1750D Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Vision 2020 Vulnerabilities: Cross-site Scripting, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow a remote attacker with...

Mitsubishi Electric GT14 Model of GOT1000 Series

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: GT14 model of GOT1000 Series Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference,...

WECON PLC Editor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Equipment: PLC Editor Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the...

Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure...

NEXCOM NIO50

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NEXCOM Equipment: NIO 50 Vulnerabilities: Improper Input Validation, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

WAGO Series 750-88x and 750-352 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: 750-88x and 750-352 Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-308-01 WAGO...

ARC Informatique PcVue (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an...

Ransomware Activity Targeting the Healthcare and Public Health Sector

Summary This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® version 7 framework. See the ATT&CK for Enterprise version 7 f...

Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, Q, and L Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Mitsubishi Electric MELSEC iQ-R

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access...

North Korean Advanced Persistent Threat Focus: Kimsuky

Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and...

SHUN HU Technology JUUKO Industrial Radio Remote Control

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: SHUN HU Technology Co., Ltd Equipment: JUUKO Industrial Radio Remote Control Vulnerabilities: Authentication Bypass by Capture-replay, Command Injection 2. RISK EVALUATION...

Emotet Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA and the Multi-State...

LokiBot Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA with contributions...

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Summary The Cybersecurity and Infrastructure Security Agency CISA has consistently observed Chinese Ministry of State Security MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures TTPs to target U.S. Government...

Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK™ and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneli...

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT &CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security...

Ransomware Impacting Pipeline Operations

Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK™ framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems ICS frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and...

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors...

Phishing Emails Used to Deploy KONNI Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency CISA has observed cyber actors using emails containi...

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Summary The Cybersecurity and Infrastructure Security Agency CISA is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the...

FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security...

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the...

Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems

Summary The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI are warning that Iranian advanced persistent threat APT actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public...

B. Braun OnlineSuite

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: OnlineSuite Vulnerabilities: Relative Path Traversal, Uncontrolled Search Path Element, Improper Neutralization of Formula Elements in a CSV File 2. RISK...

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus Vulnerabilities : Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation,...

Potential for China Cyber Response to Heightened U.S.–China Tensions

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note : on October 20, 2020, the National Security Agency NSA released a cybersecurity advisory providing...

Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: XMC20 Multiservice-Multiplexer Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Rockwell Automation 1794-AENT Flex I/O Series B

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: 1794-AENT Flex I/O Series B Vulnerabilities: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being...

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute remote...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: R-SeeNet Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to retrieve sensitive information from the...

Siemens SIPORT MP

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability : Use of client-side authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate...