Moxa OnCell Central Manager Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...
Tibbo AggreGate Platform Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning two vulnerabilities in Tibbo’s AggreGate SCADA/HMI package, which is part of the AggreGate Platform. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi (rgod). Tibbo has produced a...
Exemys Web Server Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a login bypass in the Exemys Telemetry Web Server. Exemys has not produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Exemys product is affected: Exemys Telemetry...
OSIsoft PI Data Archive Server Vulnerabilities
OVERVIEW OSIsoft has identified 56 vulnerabilities in its own PI System software. OSIsoft has produced a new version of Data Archive Version 3.4.395.64 to mitigate these issues. Some of these vulnerabilities could be exploited remotely. AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities...
Honeywell Midas Gas Detector Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 5, 2015, and is being released to the ICS-CERT web site. Independent researcher Maxim Rupp has identified two vulnerabilities in Honeywell’s Midas gas detector. Honeywell has produced firmware versions t...
Advantech EKI Hard-coded SSH Keys Vulnerability
OVERVIEW Independent researcher Neil Smith has identified a hard-coded SSH key vulnerability in Advantech’s EKI-122X series products. Advantech has produced new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Advantech reports that the...
Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-300-03 Rockwell Automation MicroLogix 1100 and 1400 PLC Systems Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site. Ilya Karpov of Positive Technologies, David Atch of CyberX, an...
Siemens RuggedCom Improper Ethernet Frame Padding Vulnerability
OVERVIEW David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Siemens RuggedCom ROS-based devices. Siemens has already released a revision that...
Infinite Automation Systems Mango Automation Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ISCA-15-300-02 Infinite Automation Systems Mango Automation Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site. Steven Seeley of Source Incite and Gjoko Krstic of Zero Science Lab have...
Eaton's Cooper Devices Improper Ethernet Frame Padding Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 22, 2015, and is being released to the ICS-CERT web site. David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE)...
IniNet Solutions SCADA Web Server Vulnerabilities
OVERVIEW Kirill Nesterov and Aleksandr Timorin of Positive Technologies have identified three vulnerabilities in IniNet Solutions GmbH’s SCADA Web Server. IniNet Solutions GmbH has produced a new version that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely...
IniNet Solutions embeddedWebServer Cleartext Storage Vulnerability
OVERVIEW Aleksandr Timorin of Positive Technologies has identified a cleartext storage of sensitive information vulnerability in IniNet Solutions GmbH’s embeddedWebServer (eWebServer). IniNet Solutions GmbH has produced a new version that mitigates this vulnerability. AFFECTED PRODUCTS The followin...
3S CODESYS Gateway Null Pointer Exception Vulnerability
OVERVIEW Ashish Kamble of Qualys, Inc. has identified a null pointer exception vulnerability in 3S-Smart Software Solutions GmbH’s CODESYS Gateway Server. 3S-Smart Software Solutions GmbH has produced a new version to mitigate this vulnerability. Ashish Kamble has tested the new version to validat...
3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability
OVERVIEW Nicholas Miles of Tenable Network Security has identified a NULL pointer dereference vulnerability in 3S-Smart Software Solutions GmbH’s CODESYS Runtime Toolkit. 3S has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCT...
Nordex NC2 XSS Vulnerability
OVERVIEW Independent researcher Karn Ganeshen has identified a cross-site scripting vulnerability in Nordex’s NC2 Wind Farm Portal application. Nordex has produced an update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Nordex NC2...
Unitronics VisiLogic OPLC IDE Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-274-02 Unitronics VisiLogic OPLC IDE Vulnerabilities that was published November 12, 2015, on the NCCIC/ICS-CERT web site. HP’s Zero Day Initiative (ZDI) reported to ICS-CERT that Steven Seeley of Source Incite,...
Omron Multiple Product Vulnerabilities
OVERVIEW Air Force Institute of Technology researcher Stephen Dunlap has identified vulnerabilities in Omron Corporation’s CX-Programmer software, CJ2M series programmable logic controller (PLC), and CJ2H series PLC. Omron Corporation has produced new versions that mitigate these vulnerabilities. O...
Honeywell Experion PKS Directory Traversal Vulnerability
OVERVIEW Independent researcher Joel Langill identified a directory traversal vulnerability in Honeywell’s Experion PKS application. This vulnerability exists in all unsupported, phased-out versions of the application that are still in use by some customers. Honeywell has recommended users of the...
Endress+Hauser Fieldcare/CodeWrights HART Comm DTM XML Injection Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified a vulnerability within Endress+Hauser HART DTM software libraries. The vulnerability is in handling of the HART longtag response field in Endress+Hauser’s Fieldcare and CodeWrights HART Comm DTM. Endress+Hauser Process Solutions AG and...
Janitza UMG Power Quality Measuring Products Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the NCCIC/ICS-CERT web site. Mattijs van Ommeren of Applied Risk has identified several vulnerabilities in the Janitza UMG power quality measuring products. Janitza ha...
IBC Solar ServeMaster Source Code Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of application source code, plain text passwords, and cross-site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...
Resource Data Management Privilege Escalation Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified two vulnerabilities in Resource Data Management’s Data Manager application. Resource Data Management has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS Resourc...
Harman-Kardon Uconnect Vulnerability
OVERVIEW This advisory is a follow-up to the ICS-ALERT titled ICS-ALERT-15-203-01 FCA Uconnect Vulnerability (ICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01, web site last accessed September 17, 2015) that was published July 22, 2015, on the NCCIC/ICS-CERT web site. Chris...
Advantech WebAccess Stack-Based Buffer Overflow Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a stack-based buffer overflow vulnerability in Advantech’s WebAccess application. Advantech has produced a new version to mitigate this vulnerability. Ivan Sanchez has tested the new version to validate that it resolves the vulnerability...
Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability
OVERVIEW Independent researcher Artyom Kurbatov has identified a cleartext transmission vulnerability in Schneider Electric’s StruxureWare Building Expert product. Schneider Electric has produced a new firmware version that mitigates this vulnerability. Artyom Kurbatov has tested the new firmware...
GE MDS PulseNET Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning two vulnerabilities in GE’s MDS PulseNET and MDS PulseNET Enterprise Network Management Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. GE has produced a new versio...
Wind River VXWorks TCP Predictability Vulnerability in ICS Devices (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-169-01A Wind River VxWorks TCP Predictability Vulnerability in ICS Devices that was published November 5, 2015, on the NCCIC/ICS-CERT web site. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a...
Yokogawa Multiple Products Buffer Overflow Vulnerabilities
OVERVIEW Yokogawa Electric Corporation has notified NCCIC/ICS-CERT of stack-based buffer overflow vulnerabilities in multiple Yokogawa products. Yokogawa has released product revisions that mitigate the vulnerabilities for many of the vulnerable products. These vulnerabilities could be exploited...
Advantech WebAccess Buffer Overflow Vulnerability
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-251-01 Advantech WebAccess Buffer Overflow Vulnerability that was published September 8, 2015, on the NCCIC/ICS-CERT web site. Security researcher Praveen Darshanam reported a stack-based overflow vulnerability ...
N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-160-01 N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys that was published June 9, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Neil Smith has identified hard-coded SSH and HTTPS encryption...
Cogent DataHub Code Injection Vulnerability
OVERVIEW NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. An anonymous security researcher reported this vulnerability to HP’s Zero Day Initiative (ZDI). A patch to mitigate this issue was released ...
Schneider Electric Modicon PLC Vulnerabilities
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-15-224-02 Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities (ICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-02, web site last accessed September 3, 2015) that was published August 12, 2015...
Moxa Industrial Managed Switch Vulnerabilities
OVERVIEW Erwin Paternotte of Applied Risk (Applied Risk Security Advisory AR2015001, Multiple Vulnerabilities in Moxa industrial manages switches, http://applied-risk.com/application/files/3414/4060/7148/AdvisoryMoxaMultipleVulnerabilities.pdf, web site last accessed September 3, 2015) has identifi...
Siemens RUGGEDCOM ROS IP Forwarding Vulnerability
OVERVIEW Stephen Craven of the Tennessee Valley Authority (TVA) has identified an IP forwarding vulnerability in older versions of Siemens RUGGEDCOM ROS. Siemens recommends updating to the latest version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUC...
Siemens SIMATIC S7-1200 CSRF Vulnerability
OVERVIEW Siemens has identified a CSRF (Cross-Site Request Forgery) vulnerability in the SIMATIC S7‑1200 CPUs. This vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced a firmware update to mitigate...
Innominate mGuard VPN Vulnerability
OVERVIEW Innominate mGuard has self-identified a denial-of-service (DoS) vulnerability in the Innominate mGuard device. Innominate has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following mGuard versions are affected:...
Moxa SoftCMS Buffer Overflow Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning buffer overflow vulnerabilities in Moxa’s SoftCMS software package. These vulnerabilities were reported to ZDI by security researcher Carsten Eiram of Risk Based Security, who identified seven vulnerabilities,...
EasyIO-30P-SF Hard-Coded Credential Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a hard-coded credential vulnerability in the EasyIO-30P-SF controller. EasyIO has produced a...
Endress+Hauser HART Device DTM Vulnerability
OVERVIEW Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which...
Everest Software PeakHMI Pointer Dereference Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 20, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Josep Pi Rodriguez has identified two pointer dereference vulnerabilities in the Everest Software LLC PeakHMI...
Schneider Electric IMT25 DTM Vulnerability
OVERVIEW Alexander Bolshev, Gleb Cherbov, and Svetlana Cherkasova of Digital Security have identified a memory corruption vulnerability in Schneider Electric IMT25 DTM component. Schneider Electric has produced a patch that mitigates this vulnerability. Digital Security has tested this patch to...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability
OVERVIEW Gleb Gritsai, Alisa Esage Shevchenko, Ilya Karpov, and the team from Positive Technologies Security have found sensitive information stored in clear text in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products. Schneider Electric has released new patches t...
Siemens RUGGEDCOM ROS and ROX-based Devices TLS POODLE Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-15-202-03A Siemens RUGGEDCOM ROS and ROX Based Devices TLS POODLE Vulnerability that was published July 25, 2015, on the NCCIC/ICS-CERT web site. Siemens has reported to ICS-CERT that a Transport Layer Security (TLS) Padding...
Siemens SIPROTEC Denial-of-Service Vulnerability
OVERVIEW Siemens has identified a denial-of-service vulnerability in the SIPROTEC 4 and SIPROTEC Compact devices. This vulnerability was reported directly to Siemens by Victor Nikitin from i‑Grids LLC Russia. Siemens has produced a new firmware update to mitigate this vulnerability. This...
Siemens Sm@rtClient Password Storage Vulnerability
OVERVIEW Siemens has identified a password storage vulnerability in its Sm@rtClient Android application. This vulnerability was reported directly to Siemens by Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT. Siemens has produced a new version to mitigate this...
Siemens SICAM MIC Authentication Bypass Vulnerability
OVERVIEW Siemens has identified an authentication bypass vulnerability in its SICAM MIC telecontrol device. This vulnerability was reported directly to Siemens by Philippe Oechslin from Objectif Sécurité. Siemens has produced a new firmware update to mitigate this vulnerability. This vulnerabilit...
Baxter SIGMA Spectrum Infusion System Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...
SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability
OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-15-181-02 SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability that was published September 3, 2015, on the NCCIC/ICS-CERT web site. Aleksandr Timorin of PT Security has identified a hard-coded account...
PACTware Exceptional Conditions Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a handling of exceptional conditions vulnerability in PACTware Consortium’s PACTware application. PACTware Consortium has produced a new service pack that mitigates this vulnerability. Ivan Sanchez has tested the new version to validate that...
Siemens Climatix BACnet/IP Communication Module Cross-site Scripting Vulnerability
OVERVIEW Siemens has identified a cross-site scripting (XSS) vulnerability in its Climatix BACnet/IP communication module. This vulnerability was reported directly to Siemens by Juan Francisco Bolivar Hernandez. Siemens has produced a new firmware update to mitigate this vulnerability. This...