Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER Insufficiently Qualified Paths

OVERVIEW Ivan Sanchez from WiseSecurity Team has identified a search path vulnerability in the Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER applications. Siemens has produced updates for each of these products that mitigates this vulnerability. AFFECTED PRODUC...

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability

OVERVIEW The “GHOST"Further information about the GHOST vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235, web site last accessed March 05, 2015. vulnerability in the glibc library affects the Siemens SINUMERIK and SIMATIC HMI Basic applications. Siemens has produced an...

Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 3, 2015, and is being released to the NCCIC/ICS-CERT web site. Ivan Sanchez of NullCode & Evilcode Team has identified multiple DLL Hijacking vulnerabilities in a software component included with Rockwell...

MICROSYS PROMOTIC Stack Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS, spol. s r.o. has produced a new version that mitigates this vulnerability. This vulnerability could be...

Network Vision IntraVue Code Injection Vulnerability

OVERVIEW Researcher Jürgen Bilberger from Daimler TSS GmbH has identified a code injection vulnerability in Network Vision’s IntraVue software. Network Vision has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

Software Toolbox Top Server Resource Exhaustion Vulnerability

OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Software Toolbox Top Server application. Software Toolbox has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECT...

Kepware Resource Exhaustion Vulnerability

OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this vulnerability. This...

Schneider Electric Invensys Positioner Buffer Overflow Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...

Siemens SIMATIC Communication Processor Vulnerability (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-050-01 Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities that was published February 19, 2015, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in its SIMATIC STEP 7 TIA Portal. Siemens...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities

OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...

Siemens SIMATIC WinCC TIA Portal Vulnerabilities

OVERVIEW Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik from Positive Technologies have identified authentication vulnerabilities in the Siemens SIMATIC WinCC TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. These vulnerabilitie...

Yokogawa HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

Advantech EKI-1200 Buffer Overflow

OVERVIEW Enrique Nissim and Pablo Lorenzzato from Core Security Engineering Team have identified a buffer overflow vulnerability in Advantech EKI-1200 product line. Advantech has produced a patch that mitigates this vulnerability. CORE Security has tested the patch to validate that it resolves th...

GE Hydran M2 Predictable TCP Initial Sequence Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on February 10, 2015, and is being released to the NCCIC/ICS-CERT web site. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National...

GE and MACTek HART Device DTM Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper...

Pepperl+Fuchs Hart Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in PEPPERL+FUCHS HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Pepperl+Fuchs has begun ...

Siemens SCALANCE X-200IRT Switch Family User Impersonation Vulnerability

OVERVIEW Siemens has identified a user impersonation vulnerability in its SCALANCE X-200IRT Switch Family. Siemens has produced a firmware update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the...

Siemens Ruggedcom WIN Vulnerability

OVERVIEW IOActive has coordinated with Siemens regarding multiple vulnerabilities in the Ruggedcom WIN firmware. Siemens has produced firmware updates that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely if there is network access to the affected service. AFFECT...

Honeywell HART DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in Honeywell’s HART DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Honeywell validated and released for...

Magnetrol HART DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...

Schneider Electric Multiple Products Buffer Overflow Vulnerability

OVERVIEW NCCIC/ICS-CERT received a report from Ariele Caltabiano kimiya with HP’s Zero Day Initiative ZDI concerning a buffer overflow vulnerability in Schneider Electric’s SoMove Lite software package. While addressing this vulnerability, Schneider Electric identified multiple vulnerable Schneid...

Siemens SIMATIC S7-1200 CPU Web Vulnerability

OVERVIEW Siemens has identified an open redirect vulnerability in the SIMATIC S7-1200 CPU family. This vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced an update that mitigates this...

Siemens SCALANCE X-300/X408 Switch Family DOS Vulnerabilities

OVERVIEW Siemens has identified denial-of-service DoS vulnerabilities in the SCALANCE X-300/X408 switch family. These vulnerabilities were reported directly to Siemens by Déjà vu Security. Siemens has produced a firmware update that mitigates these vulnerabilities. These vulnerabilities could be...

Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities

OVERVIEW Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. Schneider Electric has produced a firmware update that mitigates part of these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...

Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication

OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...

Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability

OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

Siemens SIMATIC WinCC Sm@rtClient iOS Application Authentication Vulnerabilities

OVERVIEW Siemens has identified authentication vulnerabilities in the SIMATIC WinCC Sm@rt Client application. These vulnerabilities were reported directly to Siemens by Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult NCC Group. Siemens has produced an update that mitigates thes...

CodeWrights GmbH HART DTM Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

CodeWrights GmbH HART DTM Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-012-01 CodeWrights GmbH HART DTM Vulnerability that was published January 12, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Alexander Bolshev has identified an improper input validation...

CodeWrights GmbH HART Device DTM Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01B CodeWrights GmbH HART DTM Vulnerability that was published January 27, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

CodeWrights GmbH HART DTM Vulnerability

OVERVIEW Independent researcher Alexander Bolshev has identified an improper input validation vulnerability in CodeWrights GmbH HART Device Type Manager DTM libraries. CodeWrights GmbH produces DTM libraries for vendors of HART DTM products. CodeWrights GmbH has updated the libraries that mitigat...

Emerson HART DTM Vulnerability

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-008-01 Emerson HART DTM Vulnerability that was published January 8, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights...

Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability

OVERVIEW Schneider Electric Wonderware has identified a stack-based buffer overflow vulnerability in the Wonderware InTouch Access Anywhere Server product. Schneider Electric has produced a security update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 6, 2015, and is now being released to the NCCIC/ICS-CERT web site. Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech Nationa...

Supplement to ICSA-15-237-02 EasyIO-30P-SF Hard-Coded Credential Vulnerability

OVERVIEW This advisory supplement was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory supplement is to accompany the ICS-CERT advisory titled ICSA‑15‑237‑02 EasyIO-30PF-SF Hard-Coded Credential...

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

OVERVIEW Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens...

Schneider Electric Modicon M340 Buffer Overflow Vulnerability

OVERVIEW David Atch of CyberX has identified a buffer overflow vulnerability in Schneider Electric’s Modicon M340 PLC product line. Schneider Electric has produced a new firmware patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Schneider...

eWON Vulnerabilities

OVERVIEW Independent researcher Karn Ganeshen has identified several vulnerabilities in the eWON sa industrial router. eWON sa has produced an updated firmware to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following eWON router firmwar...

Motorola MOSCAD SCADA IP Gateway Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified Remote File Inclusion RFI and Cross-Site Request Forgery CSRF vulnerabilities in Motorola Solutions’ MOSCAD IP Gateway. Motorola Solutions has confirmed this product was cancelled at the end of 2012 and no longer offer software updates...

Adcon Telemetry A840 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...

Open Automation Software OPC Systems NET DLL Hijacking Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in Open Automation Software’s OPC Systems.NET application. Open Automation Software has reviewed the vulnerability and determined not to patch the issue at this time. This vulnerability could be exploited remote...

Advantech EKI Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...

LOYTEC Router Information Exposure Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a password file vulnerability in LOYTEC’s LIP-3ECTB routers. LOYTEC has produced a firmware update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following LOYTEC routers are affected:...

XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...

Pacom 1000 CCU GMS System Cryptographic Implementation Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the ICS-CERT web site. Swedish companies XPD and Assured found several crypto implementation flaws in the Pacom GMS system. Pacom has not produced a patch to mitigate...

Hospira Multiple Products Buffer Overflow Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the NCCIC/ICS-CERT web site. Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira’s LifeCare PCA Infusion System. Hospira has...

SearchBlox File Exfiltration Vulnerability

OVERVIEW Oana Murarasu of Ixia has identified a file exfiltration vulnerability in SearchBlox’s web-based proprietary search engine application. SearchBlox has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...

Schneider Electric ProClima ActiveX Control Vulnerabilities

OVERVIEW Ariele Caltabiano, working with HP’s Zero Day Initiative, has identified 11 remote code execution vulnerabilities in Schneider Electric’s ProClima F1 Bookview ActiveX control application. Schneider Electric has produced an update to mitigate these vulnerabilities. These vulnerabilities...