Kabona AB WDC Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-17-287-07 Kabona AB WDC Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. Martin Jartelius and John Stock of Outpost 24 have identified vulnerabilities in Kabona AB’s...
Siemens Automation License Manager Vulnerabilities
OVERVIEW Siemens has identified vulnerabilities in Siemens’ Automation License Manager (ALM). These vulnerabilities were reported directly to Siemens by Sergey Temnikov and Vladimir Dashchenko from Critical Infrastructure Defence Team, Kaspersky Lab. Siemens has produced a new version to mitigate...
Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities
OVERVIEW Siemens has released a new version of SIMATIC STEP 7 (TIA Portal) to mitigate information disclosure vulnerabilities. These vulnerabilities were reported directly to Siemens by Dmitry Sklyarov and Gleb Gritsai from Positive Technologies. Siemens has produced a new version to mitigate these...
OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability
OVERVIEW OSIsoft has identified a permissions vulnerability in its own PI Web API. OSIsoft has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following versions of PI Web...
Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities
OVERVIEW Rockwell Automation reports that several of the vulnerabilities contained in Cisco’s semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication,...
FATEK Automation Designer Memory Corruption Vulnerabilities
OVERVIEW Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative (ZDI) has identified a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek’s Automation PM and FV Designer applications. Fatek has not produced an update to mitigate these vulnerabilities. ZDI...
Philips Xper-IM Connect Vulnerabilities
OVERVIEW Independent researchers Mike Ahmadi of Synopsys and Billy Rios of Whitescope LLC, in collaboration with Philips, have identified numerous vulnerabilities with an automated software composition analysis tool in the Philips Xper-IM Connect system running on Windows XP. Philips reports that...
Animas OneTouch Ping Insulin Pump Vulnerabilities
OVERVIEW Rapid7 has identified vulnerabilities in the cybersecurity of the Animas OneTouch Ping insulin pump system. Animas will not be releasing a patch or new version to mitigate these vulnerabilities. Animas has provided compensating controls to help reduce the risk associated with the...
INDAS Web SCADA Path Traversal Vulnerability
OVERVIEW Independent researcher Ehab Hussein of IOActive has identified a path traversal vulnerability in the INDAS Web SCADA application. INDAS has produced new software to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following INDAS Web SCAD...
Beckhoff Embedded PC Images and TwinCAT Components Vulnerabilities
OVERVIEW Gregor Bonney from FH Aachen University of Applied Sciences has identified vulnerabilities in Beckhoff’s Embedded PC Images and TwinCAT Components. He published them and reported them to Beckhoff afterward. In 2014, Beckhoff produced a new build and security advisories with instructions ...
American Auto-Matrix Front-End Solutions Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified a local file inclusion and a plain text storage of password vulnerabilities in American Auto-Matrix’s Building Automation Front-End Solutions application. The Aspect-Matrix hardware platform was made end of life in 2015 and will no longer...
Siemens SCALANCE M-800/S615 Web Vulnerability
OVERVIEW Siemens has identified a web security vulnerability in Siemens’ SCALANCE M-800 and S615 modules. This vulnerability was reported directly to Siemens by Alexander Van Maele and Tijl Deneut from HOWEST. Siemens has produced a new firmware version to mitigate this vulnerability. AFFECTED...
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-182-02A Siemens SICAM PAS Vulnerabilities that was published November 29, 2016, on the NCCIC/ICS-CERT web site. Positive Technologies’ Ilya Karpov and Dmitry Sklyarov have identified two vulnerabilities in the...
Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability
OVERVIEW Independent researcher Zhou Yu has identified an unquoted service path escalation vulnerability in Moxa’s Active OPC Server application. Moxa has produced a new version to mitigate this vulnerability. Zhou Yu has tested the new version to validate that it resolves the vulnerability...
Advantech WebAccess ActiveX Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-173-01 Advantech WebAccess ActiveX Vulnerabilities that was published June 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Zhou Yu of Acorn Network Security and ZDI Zero...
Trane Tracer SC Sensitive Information Exposure Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel. Trane U.S. Inc. has produced an update to mitigate this vulnerability. Maxim Rupp has tested the update to validate that it resolves the vulnerability. This...
Yokogawa STARDOM Authentication Bypass Vulnerability
OVERVIEW NCCIC/ICS-CERT received a report from Yokogawa and JPCERT/CC (http://jvn.jp/vu/JVNVU98542287/index.html) about an authentication bypass vulnerability in the Yokogawa STARDOM controller. Yokogawa has produced a new release to mitigate this vulnerability. This vulnerability could be exploited...
ABB DataManagerPro Credential Management Vulnerability
OVERVIEW NCCIC/ICS-CERT received a report from Trend Micro’s Zero Day Initiative (ZDI) concerning a credential management vulnerability in ABB’s DataManagerPro application. Security researcher Andrea Micalizzi reported this vulnerability to ZDI. ABB has produced a new version to mitigate this...
GE Bently Nevada 3500/22M Improper Authorization Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 8, 2016, and is being released to the NCCIC/ICS-CERT web site. GE has identified an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system. GE has produced a new firmwar...
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities
OVERVIEW Siemens reports that they have released a firmware update for SIPROTEC 4 and SIPROTEC Compact devices to mitigate authentication bypass and resource exhaustion vulnerabilities. Kirill Nesterov and Anatoly Katushin from Kaspersky Lab reported some of these vulnerabilities directly to...
Moxa OnCell Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-236-01 Moxa OnCell Vulnerabilities that was published August 23, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified several vulnerabilities in Moxa’s OnCell products. Moxa has...
Environmental Systems Corporation Data Controllers Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...
Moxa MiiNePort Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-145-01 Moxa MiiNePort Vulnerabilities that was published May 24, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Karn Ganeshen has identified weak credential management, sensitive information not...
Locus Energy LGate Command Injection Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 29, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Daniel Reich has identified a command injection vulnerability in Locus Energy’s LGate application. Locus Energy has...
Navis WebAccess SQL Injection Vulnerability
OVERVIEW This advisory is a follow-up to the original alert, titled ICS-ALERT-16-230-01 Navis WebAccess SQL Injection Vulnerability, ICS-ALERT-16-230-01, Navis WebAccess SQL Injection Vulnerability, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01, web site last accessed August 18, 2016...
Resource Data Management Intuitive 650 TDB Controller Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-140-01 Resource Data Management Intuitive 650 TDB Controller Vulnerabilities that was published May 19, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a privilege escalati...
IRZ RUH2 3G Firmware Overwrite Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-138-01 iRZ RUH2 3G Firmware Overwrite Vulnerability that was published May 17, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT has identified a firmware overwrite vulnerability in iRZ’s RUH2 device. iRZ has...
Moxa EDR-G903 Secure Router Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-042-01 Moxa EDR‑G903 Secure Router Vulnerabilities that was published May 17, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Moxa’s EDR‑G903 secure...
Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability
OVERVIEW Cisco Talos, Cisco Systems, Inc.'s security intelligence and research group, reported to Rockwell Automation that an undocumented and privileged Simple Network Management Protocol (SNMP) community string exists in MicroLogix 1400 programmable logic controllers (PLC). Rockwell Automation has...
Rockwell Automation RSLogix 500 and RSLogix Micro File Parser Buffer Overflow Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-224-02 Rockwell Automation RSLogix 500 and RSLogix Micro File Parser Buffer Overflow Vulnerability that was published September 15, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3...
Meteocontrol WEB'log Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...
Moxa SoftCMS SQL Injection Vulnerability
OVERVIEW Zhou Yu of Acorn Network Security has identified a SQL injection vulnerability in Moxa's SoftCMS. ZDI reported this vulnerability to ICS-CERT. Moxa has produced an update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Moxa reports that t...
Siemens SINEMA Server Privilege Escalation Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-215-02 Siemens SINEMA Server Privilege Escalation Vulnerability that was published August 2, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researcher rgod working...
Siemens SINEMA Remote Connect Server Cross-site Scripting Vulnerability
OVERVIEW Researchers Antonio Morales Maldonado of INNOTEC SYSTEM, and Alexander Van Maele and Tijl Deneut of Howest have identified a cross-site scripting (XSS) vulnerability in the Siemens SINEMA Remote Connect Server application. Siemens has produced an update to mitigate this vulnerability. This...
Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)
OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...
Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability
OVERVIEW Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability. This vulnerability could be exploit...
Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability
OVERVIEW Andrea Micalizzi discovered an unsafe ActiveX control vulnerability in Schneider Electric’s SoMachine software. He reported this vulnerability to ZDI who then reported it to NCCIC/ICS‑CERT. Schneider Electric has produced a patch to mitigate this vulnerability. This vulnerability could b...
Moxa MGate Authentication Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Moxa’s MGate products. Moxa has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Moxa reports that the vulnerability...
Tollgrade Smart Grid EMS LightHouse Vulnerabilities
OVERVIEW Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.’s Smart Grid LightHouse Sensor Management System (SMS) Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate...
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability
OVERVIEW Zhou Yu of Acorn Network Security identified an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. GE produc...
Honeywell Uniformance PHD Denial Of Service (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-070-02 Honeywell Uniformance PHD Denial of Service that was published April 12, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 5 -------- Honeywell has identified a buffer overflow...
Siemens Industrial Products DROWN Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attac...
Siemens Industrial Products glibc Library Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-103-01B Siemens Industrial Products glibc Library Vulnerability that was published July 14, 2016, on the NCCIC/ICS-CERT web site. Siemens reports that a buffer overflow vulnerability in the glibc library could...
Moxa Device Server Web Console Authorization Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authorization bypass vulnerability in Moxa’s Device Server Web Console. Moxa has indicated the NPort 5232-N was discontinued in 2012 and has produced recommendations to mitigate this vulnerability. This vulnerability could be exploited...
WECON LeviStudio Buffer Overflow Vulnerabilities
OVERVIEW Independent security researchers Rocco Calvi and Brian Gorenc, working with Trend Micro’s Zero Day Initiative, have identified buffer overflow vulnerabilities in WECON’s LeviStudio software. WECON has not released a product fix to address the buffer overflow vulnerabilities in the...
Rexroth Bosch BLADEcontrol-WebVIS Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified a SQL injection vulnerability and a cross-site scripting vulnerability in the Rexroth Bosch BLADEcontrol-WebVIS. Rexroth Bosch has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely...
Eaton ELCSoft Programming Software Memory Vulnerabilities
OVERVIEW Ariele Caltabiano working with Zero Day Initiative has identified a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton’s ELCSoft programming software. Eaton has released a revision to mitigate these vulnerabilities. These vulnerabilities could b...
Meinberg NTP Time Server Vulnerabilities
OVERVIEW Independent researcher Ryan Wincey has identified a stack buffer overflow vulnerability and a privilege escalation vulnerability in Meinberg’s NTP Time Servers Interface. Meinberg has produced a new Version 6.20.004 to mitigate these vulnerabilities. The researcher has validated the...
Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability
OVERVIEW Rockwell Automation has identified a resource management vulnerability in Rockwell Automation’s Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches. Rockwell Automation has produced a new firmware version to mitigate this vulnerability. This...