BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSMA-17-017-02 BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities that was published February 7, 2017, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 4 -------- Researchers at...
ICSA-17-038-01_Sielco Sistemi Winlog SCADA Software
CVSS v3 7.2 Vendor: Sielco Sistemi Equipment: Winlog SCADA Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following Sielco Sistemi products are affected: Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to...
Honeywell XL Web II Controller Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified vulnerabilities in Honeywell’s XL Web II controller application. Honeywell has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following XL Web II controlle...
Moxa ioLogik E1200 Series Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-287-05 Moxa ioLogik E1200 Series Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 4 -------- Alexandru Ariciu of Applied Risk has identified...
BINOM3 Electric Power Quality Meter
CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery (CSRF), sensitive information stored in clear-text, and weak credentials management...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following IntegraXor version is affected: IntegraXor Version 5.0.413.0 IMPACT A successful exploit of this vulnerability could lead to...
BINOM3 Electric Power Quality Meter (Update A)
CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery (CSRF), sensitive information stored in clear-text, and weak credentials management...
Belden Hirschmann GECKO
CVSS v3 5.9 ATTENTION: Remotely Exploitable/high skill level to exploit. Vendor: Belden Equipment: Hirschmann GECKO Vulnerability: Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS The following GECKO switch versions are affected: Hirschmann GECKO Lite Managed switch,...
Eaton ePDU Path Traversal Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a path traversal vulnerability in certain legacy Eaton ePDUs. Although the affected products are past end-of-life (EoL) and are no longer supported, Eaton has provided defense-in-depth mitigation instructions to protect devices that are still...
Belden Hirschmann GECKO (Update A)
CVSS v3 7.1 ATTENTION: Remotely Exploitable/low skill level to exploit. Vendor: Belden Equipment: Hirschmann GECKO --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Path Traversal, Server-Side Request Forgery, Cross-Site Request Forgery, Information Exposure --------- End Update A...
Schneider Electric Wonderware Historian
CVSS V3 7.3 ATTENTION: Remotely exploitable/Low skill level to exploit Vendor: Schneider Electric Equipment: Wonderware Historian Vulnerability: Credentials Management AFFECTED PRODUCTS The following Wonderware Historian versions are affected: Wonderware Historian 2014 R2 SP1 P01 and earlier...
Schneider Electric homeLYnk Controller
CVSS V3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following products: homeLYnk Controller,...
Schneider Electric homeLYnk Controller (Update A)
CVSS V3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting, Command Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-019-01...
GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability
OVERVIEW This advisory was originally posted to the NCCIC Portal on December 1, 2016, and is being released to the ICS-CERT web site. GE has reported an insufficiently protected credentials vulnerability in Proficy Human-Machine Interface/Supervisory Control and Data Acquisition (HMI/SCADA) iFIX,...
GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-05 GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 17, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...
ICSMA-17-017-01_BD Alaris 8000 Insufficiently Protected Credentials Vulnerability
OVERVIEW This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. Becton, Dickinson and Company (BD) has identified an insufficiently protected credentials vulnerability in BD’s Alaris 8000 Point of Care PC unit, which provid...
PHOENIX CONTACT mGuard
CVSS V3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerability: Software update changes password to default AFFECTED PRODUCTS PHOENIX CONTACT reports that the vulnerability affects the following mGuard products: Only devices that hav...
BD Alaris 8015 PC Unit (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: BD Alaris 8015 PC Unit Vulnerabilities: Insufficiently Protected Credentials, Security Features 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...
Carlo Gavazzi VMU-C EM and VMU-C PV
CVSS V3 10 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Carlo Gavazzi Equipment: VMU-C EM, VMU-C PV Vulnerabilities: Access Control Flaws, CSRF, Sensitive Information Stored In Clear Text AFFECTED PRODUCTS Carlo Gavazzi reports that the vulnerabilities affect the following...
VideoInsight Web Client
CVSS V3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: VideoInsight Equipment: Web Client Vulnerability: SQL Injection AFFECTED PRODUCTS The following Web Client versions are affected: Web Client Version 6.3.5.11 and previous versions. IMPACT A successful exploit of this...
Advantech WebAccess
CVSS V3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Authentication Bypass, SQL Injection AFFECTED PRODUCTS The following WebAccess version is affected: WebAccess Version 8.1 IMPACT Successful exploitation of this...
OSIsoft PI Coresight and PI Web API
CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following versions: PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed usi...
OSIsoft PI Coresight and PI Web API (Update A)
CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-010-01 OSIsoft PI Coresight and PI Web API that was published January 10,...
ICSMA-17-009-01A_St. Jude Merlin@home Transmitter Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSMA-17-009-01 St. Jude Merlin@home Transmitter Vulnerability that was published January 9, 2017, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 5 -------- MedSec Holdings has identified a channel...
Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities
OVERVIEW This advisory was originally posted to the NCCIC Portal library on December 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Alexey Osipov and Ilya Karpov of Positive Technologies have identified vulnerabilities in Rockwell Automation’s Allen-Bradley MicroLogix 1100 and 140...
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-343-05 Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability that was published January 5, 2017, on the NCCIC/ICS-CERT web site. Rockwell Automation has identified a buff...
Cogent DataHub Elevation of Privilege Vulnerability
OVERVIEW Steven Seeley of Source Incite has identified a privilege elevation vulnerability in the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. Cogent has produced a new version to mitigate this vulnerability. Steven Seeley has tested the new version to validate that it...
Siemens APOGEE Insight Incorrect File Permissions Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-082-01 Siemens APOGEE Insight Incorrect File Permissions Vulnerability that was published March 22, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Siemens has identified an...
ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-077-01 ABB Panel Builder 800 DLL Hijacking Vulnerability that was published March 17, 2016, on the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in the ABB...
Siemens SIMATIC S7-1200 CPU Protection Mechanism Failure
OVERVIEW Siemens has identified a protection mechanism failure vulnerability in old firmware versions of SIMATIC S7-1200. Maik Brüggemann and Ralf Spenneberg from Open Source Training reported this issue directly to Siemens. Siemens provides SIMATIC S7-1200 CPU product, release V4.0 or newer, to...
Honeywell Uniformance PHD Denial Of Service (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-070-02 Honeywell Uniformance PHD Denial of Service that was published April 12, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 5 -------- Honeywell has identified a buffer overflow...
Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability
OVERVIEW David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric’s Telvent SAGE 2300 and 2400 remote terminal units (RTUs). Schneider...
INTERSCHALT VDR G4e Path Traversal Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a path traversal vulnerability in INTERSCHALT Maritime Systems’s INTERSCHALT VDR G4e application. INTERSCHALT has produced a patch to mitigate this vulnerability. Maxim Rupp has tested the patch to validate that it resolves the...
Moxa ioLogik E2200 Series Weak Authentication Practices
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-15-224-04 Moxa ioLogik E2210 Vulnerabilities (https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-04, web site last accessed March 03, 2016) that was published August 12, 201...
Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.1 --------- Begin Update A Part 1 of 5 -------- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available --------- End Update A Part 1 of 5 --------- Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix Vulnerability:...
Schneider Electric Building Operation Automation Server Vulnerability
OVERVIEW Independent researcher Karn Ganeshen has identified a vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software. Schneider Electric has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Eaton Lighting Systems’ EG2 Web Control application. Eaton Lighting Systems...
Siemens SICAM PAS Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...
Moxa NPort Device Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-02 Moxa NPort Device Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Security researchers Reid Wightman of RevICS Security, Mikael Vingaard, and Maxim Rupp have identifie...
Rockwell Automation Integrated Architecture Builder Access Violation Memory Error
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on February 25, 2016, and is being released to the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified an access violation memory error in Rockwell Automation’s Integrated Architecture Builder IA...
B+B SmartWorx VESP211 Authentication Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in B+B SmartWorx’s VESP211 serial servers. B+B SmartWorx has produced an implementation plan to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
AMX Multiple Products Credential Management Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...
Moxa EDR-G903 Secure Router Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-042-01 Moxa EDR‑G903 Secure Router Vulnerabilities that was published May 17, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Moxa’s EDR‑G903 secure...
Siemens SIMATIC S7-1500 CPU Vulnerabilities
OVERVIEW Siemens has identified two vulnerabilities in the Siemens SIMATIC S7-1500 CPU family. Siemens has produced a firmware update to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens SIMATIC S7-1500 CPU versions are...
Tollgrade SmartGrid Sensor Management System Software Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified vulnerabilities in Tollgrade Communications, Inc.’s SmartGrid LightHouse Sensor Management System SMS Software EMS. Tollgrade Communications, Inc. has produced an update to mitigate these vulnerabilities. Maxim Rupp has tested the update t...
CA Unified Infrastructure Management Directory Traversal Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-315-01A CA Unified Infrastructure Management Directory Traversal Vulnerability that was published November 15, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi, working with Zero Day...
OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability
OVERVIEW OSIsoft has identified an incomplete model of endpoint features vulnerability in OSIsoft’s PI System software. OSIsoft has produced new versions to mitigate this vulnerability. AFFECTED PRODUCTS The following PI System software versions are affected: Applications using PI Asset Framework...
Phoenix Contact ILC PLC Authentication Vulnerabilities
OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...
GE SNMP/Web Interface Vulnerabilities
OVERVIEW Independent researcher Karn Ganeshen has identified two vulnerabilities in the GE SNMP/Web Interface adapter. GE has produced a new firmware version to mitigate the identified vulnerabilities in later model devices. Earlier model SNMP/Web Interface adapters may need to be upgraded to...
Sauter moduWeb Vision Vulnerabilities
OVERVIEW Martin Jartelius and John Stock of Outpost24 have identified three vulnerabilities in Sauter’s moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the...