4251 matches found
Schneider Electric Invensys Positioner Buffer Overflow Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...
Kepware Resource Exhaustion Vulnerability
OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this vulnerability. This...
Siemens SIMATIC Communication Processor Vulnerability (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03...
Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-050-01 Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities that was published February 19, 2015, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in its SIMATIC STEP 7 TIA Portal. Siemens...
Siemens SIMATIC WinCC TIA Portal Vulnerabilities
OVERVIEW Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik from Positive Technologies have identified authentication vulnerabilities in the Siemens SIMATIC WinCC TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. These vulnerabilitie...
Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities
OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...
Yokogawa HART Device DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...
Advantech EKI-1200 Buffer Overflow
OVERVIEW Enrique Nissim and Pablo Lorenzzato from Core Security Engineering Team have identified a buffer overflow vulnerability in Advantech EKI-1200 product line. Advantech has produced a patch that mitigates this vulnerability. CORE Security has tested the patch to validate that it resolves th...
GE Hydran M2 Predictable TCP Initial Sequence Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on February 10, 2015, and is being released to the NCCIC/ICS-CERT web site. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National...
GE and MACTek HART Device DTM Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper...
Pepperl+Fuchs Hart Device DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in PEPPERL+FUCHS HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Pepperl+Fuchs has begun ...
Siemens Ruggedcom WIN Vulnerability
OVERVIEW IOActive has coordinated with Siemens regarding multiple vulnerabilities in the Ruggedcom WIN firmware. Siemens has produced firmware updates that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely if there is network access to the affected service. AFFECT...
Siemens SCALANCE X-200IRT Switch Family User Impersonation Vulnerability
OVERVIEW Siemens has identified a user impersonation vulnerability in its SCALANCE X-200IRT Switch Family. Siemens has produced a firmware update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the...
Honeywell HART DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in Honeywell’s HART DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Honeywell validated and released for...
Schneider Electric Multiple Products Buffer Overflow Vulnerability
OVERVIEW NCCIC/ICS-CERT received a report from Ariele Caltabiano kimiya with HP’s Zero Day Initiative ZDI concerning a buffer overflow vulnerability in Schneider Electric’s SoMove Lite software package. While addressing this vulnerability, Schneider Electric identified multiple vulnerable Schneid...
Magnetrol HART DTM Vulnerability
OVERVIEW Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...
Siemens SIMATIC S7-1200 CPU Web Vulnerability
OVERVIEW Siemens has identified an open redirect vulnerability in the SIMATIC S7-1200 CPU family. This vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced an update that mitigates this...
Siemens SCALANCE X-300/X408 Switch Family DOS Vulnerabilities
OVERVIEW Siemens has identified denial-of-service DoS vulnerabilities in the SCALANCE X-300/X408 switch family. These vulnerabilities were reported directly to Siemens by Déjà vu Security. Siemens has produced a firmware update that mitigates these vulnerabilities. These vulnerabilities could be...
Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities
OVERVIEW Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. Schneider Electric has produced a firmware update that mitigates part of these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...
GE Multilink Switch Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...
Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability
OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...
Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication
OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...
Siemens SIMATIC WinCC Sm@rtClient iOS Application Authentication Vulnerabilities
OVERVIEW Siemens has identified authentication vulnerabilities in the SIMATIC WinCC Sm@rt Client application. These vulnerabilities were reported directly to Siemens by Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult NCC Group. Siemens has produced an update that mitigates thes...
CodeWrights GmbH HART Device DTM Vulnerability (Update C)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01B CodeWrights GmbH HART DTM Vulnerability that was published January 27, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...
CodeWrights GmbH HART DTM Vulnerability
OVERVIEW Independent researcher Alexander Bolshev has identified an improper input validation vulnerability in CodeWrights GmbH HART Device Type Manager DTM libraries. CodeWrights GmbH produces DTM libraries for vendors of HART DTM products. CodeWrights GmbH has updated the libraries that mitigat...
CodeWrights GmbH HART DTM Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...
CodeWrights GmbH HART DTM Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-012-01 CodeWrights GmbH HART DTM Vulnerability that was published January 12, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Alexander Bolshev has identified an improper input validation...
Emerson HART DTM Vulnerability
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-008-01 Emerson HART DTM Vulnerability that was published January 8, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights...
Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability
OVERVIEW Schneider Electric Wonderware has identified a stack-based buffer overflow vulnerability in the Wonderware InTouch Access Anywhere Server product. Schneider Electric has produced a security update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
Eaton Cooper Power Series Form 6 Control and Idea/IdeaPlus Relays with Ethernet Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 6, 2015, and is now being released to the NCCIC/ICS-CERT web site. Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech Nationa...
Supplement to ICSA-15-237-02 EasyIO-30P-SF Hard-Coded Credential Vulnerability
OVERVIEW This advisory supplement was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory supplement is to accompany the ICS-CERT advisory titled ICSA‑15‑237‑02 EasyIO-30PF-SF Hard-Coded Credential...
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
OVERVIEW Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens...
Motorola MOSCAD SCADA IP Gateway Vulnerabilities
OVERVIEW Independent researcher Aditya K. Sood has identified Remote File Inclusion RFI and Cross-Site Request Forgery CSRF vulnerabilities in Motorola Solutions’ MOSCAD IP Gateway. Motorola Solutions has confirmed this product was cancelled at the end of 2012 and no longer offer software updates...
Schneider Electric Modicon M340 Buffer Overflow Vulnerability
OVERVIEW David Atch of CyberX has identified a buffer overflow vulnerability in Schneider Electric’s Modicon M340 PLC product line. Schneider Electric has produced a new firmware patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Schneider...
eWON Vulnerabilities
OVERVIEW Independent researcher Karn Ganeshen has identified several vulnerabilities in the eWON sa industrial router. eWON sa has produced an updated firmware to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following eWON router firmwar...
Adcon Telemetry A840 Vulnerabilities
OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...
Open Automation Software OPC Systems NET DLL Hijacking Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in Open Automation Software’s OPC Systems.NET application. Open Automation Software has reviewed the vulnerability and determined not to patch the issue at this time. This vulnerability could be exploited remote...
Advantech EKI Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...
LOYTEC Router Information Exposure Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a password file vulnerability in LOYTEC’s LIP-3ECTB routers. LOYTEC has produced a firmware update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following LOYTEC routers are affected:...
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...
Hospira Multiple Products Buffer Overflow Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the NCCIC/ICS-CERT web site. Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira’s LifeCare PCA Infusion System. Hospira has...
Pacom 1000 CCU GMS System Cryptographic Implementation Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the ICS-CERT web site. Swedish companies XPD and Assured found several crypto implementation flaws in the Pacom GMS system. Pacom has not produced a patch to mitigate...
SearchBlox File Exfiltration Vulnerability
OVERVIEW Oana Murarasu of Ixia has identified a file exfiltration vulnerability in SearchBlox’s web-based proprietary search engine application. SearchBlox has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...
Schneider Electric ProClima ActiveX Control Vulnerabilities
OVERVIEW Ariele Caltabiano, working with HP’s Zero Day Initiative, has identified 11 remote code execution vulnerabilities in Schneider Electric’s ProClima F1 Bookview ActiveX control application. Schneider Electric has produced an update to mitigate these vulnerabilities. These vulnerabilities...
Moxa OnCell Central Manager Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning hardcoded credentials and authentication bypass vulnerabilities in Moxa’s OnCell Central Manager Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. Moxa has released a...
Tibbo AggreGate Platform Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning two vulnerabilities in Tibbo’s AggreGate SCADA/HMI package, which is part of the AggreGate Platform. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi rgod. Tibbo has produced a...
Exemys Web Server Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a login bypass in the Exemys Telemetry Web Server. Exemys has not produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Exemys product is affected: Exemys Telemetry...
OSIsoft PI Data Archive Server Vulnerabilities
OVERVIEW OSIsoft has identified 56 vulnerabilities in its own PI System software. OSIsoft has produced a new version of Data Archive Version 3.4.395.64 to mitigate these issues. Some of these vulnerabilities could be exploited remotely. AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities...
Advantech EKI Hard-coded SSH Keys Vulnerability
OVERVIEW Independent researcher Neil Smith has identified a hard-coded SSH key vulnerability in Advantech’s EKI-122X series products. Advantech has produced new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Advantech reports that the...
Honeywell Midas Gas Detector Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 5, 2015, and is being released to the ICS-CERT web site. Independent researcher Maxim Rupp has identified two vulnerabilities in Honeywell’s Midas gas detector. Honeywell has produced firmware versions t...