McAfee Night Dragon Report (Update A)
Overview McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon” (McAfee, http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, accessed February 10, 2011), which describes advanced persistent threat activity designed to obtain...
Wind River VxWorks Vulnerabilities
Overview A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU362332) and a weak hashing algorithm used in authentication (VU840249). ICS-CERT has been coordinating with CERT/CC in...
ABB NETCADOPS HELP SYSTEM VULNERABILITY
Overview A cross-site scripting (http://www.owasp.org/index.php/Cross-siteScriptingXSS) vulnerability exists in the system used by the ABB Electrical Distribution Management System (DMS) product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB...
GLEG Agora SCADA+ Exploit Pack
OVERVIEW On March 15, 2011, GLEG Ltd. announced the Agora SCADA+ Exploit Pack for Immunity’s CANVAS system. CANVAS is a penetration testing framework that is extensible using CANVAS Exploit Packs. On March 25, 2011, GLEG announced it would be adding exploits for the 35 vulnerabilities released by...
Ecava IntegraXor Directory Traversal
Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal, published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could all...
Primary Stuxnet Advisory
OVERVIEW ICS-CERT has been actively investigating and reporting on the Stuxnet vulnerability. To date, ICS-CERT has released ICSA-10-201-01 - Malware Targeting Siemens Control Software including Updates B & C and ICSA-10-238-01 - Stuxnet Mitigations including Update B. Stuxnet uses four zero-day...
SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability
Overview This advisory is a follow-up to ICS-ALERT-10-260-01 SCADA Engine BACnet OPC Client Buffer Overflow, which was published on the ICS-CERT Web site on September 17, 2010. A buffer overflow vulnerability has been reported (Secunia Advisory SA41466, http://secunia.com/advisories/41466/, website...)
RealFlex RealWin Buffer Overflow
Overview This advisory is a follow-up to ICS-ALERT-10-305-01 RealFlex RealWin Buffer Overflows, which was published on the ICS-CERT Web site on November 01, 2010. On October 15, 2010 an independent security researcher posted information (Researcher, http://aluigi.altervista.org/adv/realwin1-adv.txt...)
ICONICS GENESIS (32 & 64) Vulnerabilities
OVERVIEW This advisory is a follow-up to ICS-ALERT-11-080-02 ICONICS GENESIS 32 & 64 Vulnerabilities, published on the ICS-CERT Web site on March 20, 2011. An independent security researcher has published 13 vulnerabilities with proof of concept (PoC) code for the ICONICS GENESIS32 and GENESIS64...
DNP3 Implementation Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, reported an improper input...
RealFlex RealWin Vulnerabilities
Overview This ICS-CERT Advisory is a follow-up to the ICS-CERT Alert titled, “ICS-ALERT-11-080-04—Multiple Vulnerabilities in RealFlex RealWin.” An independent researcher has published exploit code for seven vulnerabilities identified in RealFlex Technologies’ RealWin 2.1.10 Demo Supervisory...
Ice Qube Thermal Management Center
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Ice Qube Equipment: Thermal Management Center Vulnerabilities: Improper Authentication, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
AGG SCADA Viewer OPC Buffer Overflow Vulnerability
Overview The ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has...
Progea Movicon TCPUploadServer (Update A)
Overview ICS-CERT has received a report from independent security researcher Jeremy Brown of a data leakage and denial-of-service vulnerability in Progea’s Movicon 11 human machine interface (HMI) product. Progea has verified the vulnerability and has developed a patch to address the issue. ICS-CER...
Beijer Electronics ADP and H-Designer Buffer Overflow Vulnerability
Overview This advisory provides details about a buffer overflow vulnerability in multiple Beijer Electronics ADP and H-designer products. Independent researcher Kuang-Chun Hung of Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability in Beije...
Cisco ASA and FWSM Security Advisories
Overview On October 9, 2013, Cisco released two security advisories (http://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories) concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance (ASA)...
Opto 22 PAC Control Basic and PAC Control Professional
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Opto 22 Equipment: PAC Control Basic and PAC Control Professional Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device...
Philips e-Alert Unit
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/exploitable from within the same local subnet Vendor: Philips Equipment: Philips e-Alert Unit (non-medical device) Vulnerabilities: Improper Input Validation, Cross-site Scripting, Information Exposure,...
Siemens OpenSSL Vulnerabilities (Update G)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update G Part 1 of 3 -------- Siemens has identified four vulnerabilities in its OpenSS...
Schneider Electric Modicon M221
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerabilities: Information Management Errors, Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...
ABB eSOMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-240-04 ABB eSOMS that was published...
Schneider Electric Modicon M221
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely...
Schneider Electric PowerLogic PM5560
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PowerLogic PM5560 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow user input to be manipulated,...
ICSMA-18-240-01_Qualcomm Life Capsule
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Qualcomm Life Equipment: Capsule Datacaptor Terminal Server (DTS) Vulnerability: Code Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute...
Siemens SPCanywhere App Vulnerabilities
OVERVIEW Karsten Sohr, Bernhard Berger, and Kai Hillmann from the TZI-Bremen, Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult, and Stefan Schuhmann have identified vulnerabilities in the Siemens SPCanywhere mobile application. Siemens has produced a new mobile application calle...
Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Vulnerability
OVERVIEW ZDI has identified a buffer overflow vulnerability discovered by Steven Seeley of Source Incite in Unitronics VisiLogic. Unitronics has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Unitronics reports that the...
7-Technologies IGSS Remote Memory Corruption
Overview ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies (7T) by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability. 7T has...
Rockwell Automation RSLinx Classic EDS Vulnerability (Update A)
OVERVIEW A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required. AFFECTED PRODUCTS EDS Hardware Installation Tool Version 1.0.5.1...
Schneider Electric Pelco Digital Sentry Video Management System Vulnerability
OVERVIEW Schneider Electric has identified a hard-coded credential vulnerability in Schneider Electric’s Pelco Digital Sentry Video Management System. Schneider Electric has produced a new firmware version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
Federal Aviation Administration GPS Testing
Overview The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due to Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing...
7-Technologies IGSS Denial of Service (Update A)
Overview ICS-CERT has become aware of multiple denial-of-service (DoS) vulnerabilities in the 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) supervisory control and data acquisition (SCADA) human-machine interface (HMI) application. All vulnerabilities are remotely exploitable. 7T has...
MOXA Device Manager Buffer Overflow (Update A)
Overview --------- Begin Update A Part 1 of 2 ---------- On October 20, 2010, an independent security researcher posted information (Rubén Santamarta, http://www.reversemode.com/index.php?option=comcontent&task=view&id=70&Itemid=1, website last visited October 28, 2010) regarding a vulnerability in...
ClearScada Vulnerabilities (Update A)
Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability, Cross-site Scripting Vulnerabilities, Insecure Web Authentication. Affected Products The...
OpenSSL Releases Security Advisory
OVERVIEW On June 5, 2014, OpenSSL announced (OpenSSL Security Advisory 05 Jun 2014, https://www.openssl.org/news/secadv20140605.txt, web site last accessed June 05, 2014) that they were releasing new versions that mitigate several additional vulnerabilities that were discovered since the last OpenS...
Hospira LifeCare PCA Infusion System Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-125-01 Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 5, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Billy Rios has identified an improper authorization vulnerabilit...
BD Alaris Plus
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris GS, Alaris GH, Alaris CC, Alaris TIVA Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may...
Certec Atvise Server Remote DOS
Overview Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability. Affected Products Atvise...
Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Remotely exploitable/Low skill level to exploit Vendor: Yokogawa Equipment: iDefine, STARDOM, ASTPLANNER, and TriFellows Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary...
Philips IntelliVue Information Center iX (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips IntelliVue Information Center iX Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSMA-18-233-01 Philips...
Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Vulnerabilities: Improper Input Validation, Use of Hard Coded Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Emerson DeltaV DCS Workstations
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Emerson Equipment: DeltaV DCS Workstations Vulnerabilities: Uncontrolled Search Path Element, Relative Path Traversal, Improper Privilege Management, Stack-Based Buffer Overflow 2. RISK EVALUATION...
Philips IntelliSpace Cardiovascular Vulnerabilities
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips’ IntelliSpace Cardiovascular (ISCV) products Vulnerabilities: Improper Privilege Management, Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Crestron TSW-X60 and MC3
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Crestron Equipment: TSW-X60 and MC3 Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...
NetComm Wireless 4G LTE Light Industrial M2M Router
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NetComm Wireless Equipment: 4G LTE Light Industrial M2M Router Vulnerabilities: Information Exposure, Cross-site Request Forgery, Cross-site Scripting, Information Exposure through Directory Listin...
Medtronic MyCareLink 24950 Patient Monitor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.9 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Insufficient Verification of Data Authenticity, Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker with...
Siemens OpenSSL Vulnerability in Industrial Products (Update E)
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Products Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-18-226-02 Siemens...
ICSA-18-226-03 Siemens Automation License Manager
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Automation License Manager Vulnerabilities: Relative Path Traversal, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Delta Electronics CNCSoft and ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft and ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
ICSA-18-226-01 Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable locally/low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) Vulnerabilities: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
Medtronic MiniMed MMT-500/MMT-503 Remote Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Medtronic --------- Begin Update A Part 1 of 3 -------- Equipment: Medtronic MiniMed MMT-500 and MMT-503 Remote Controllers --------- End Update A Part 1 of 3 -------- Vulnerabilities: Cleartext Transmission of Sensitive Information, Authentication Bypass...