Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...
MatrikonOPC Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 10, 2014, and is now being released to the NCCIC/ICS-CERT web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the...
Ecava Sdn Bhd IntegraXor Project Directory Information Disclosure Vulnerability
OVERVIEW NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) [Ecava IntegraXor Project Directory Information Disclosure Vulnerability, http://www.zerodayinitiative.com/advisories/ZDI-13-277/, web site last accessed January 08, 2014] regarding a project directory information disclosure...
Sierra Wireless AirLink Raven X EV-DO Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-14-007-01A Sierra Wireless AirLink Raven X EV-DO Multiple Vulnerabilities that was published January 16, 2014, on the NCCIC/ICS‑CERT web site. A researcher at Cimation has identified multiple vulnerabilities in the Sierra...
Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure portal library on January 06, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Schneider Electric...
Network Time Protocol Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01B Network Time Protocol Vulnerabilities that was published February 4, 2015, on the NCCIC/ICS-CERT web site. Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple...
Honeywell Experion PKS Vulnerabilities
OVERVIEW Alexander Tlyapov, Gleb Gritsai, Kirill Nesterov, Artem Chaykin and Ilya Karpov of the Positive Technologies Research Team and Security Lab have identified vulnerabilities in Honeywell’s Experion Process Knowledge System (EPKS) application. Honeywell has produced several patch updates...
Innominate mGuard Privilege Escalation Vulnerability
OVERVIEW Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices. Innominate has produced a firmware patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Innominate mGuard...
Schneider Electric ProClima Command Injection Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative (ZDI) concerning command injection vulnerabilities in Schneider Electric’s ProClima software package. These vulnerabilities were reported to ZDI by security researchers Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc...
Johnson Controls Metasys Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent security researcher Billy Rios has identified two vulnerabilities in Johnson Controls Metasys building management system. Johns...
Arbiter Systems 1094B GPS Clock Spoofing Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 11, 2014, and is being released to the NCCIC/ICS-CERT web site. Arbiter Systems has identified a GPS clock spoofing vulnerability in its 1094B clock. Arbiter Systems has produced a new product that is no...
Yokogawa FAST/TOOLS XML External Entity
OVERVIEW Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies Inc. have identified an XML external entity processing vulnerability in the Yokogawa FAST/TOOLS application. Yokogawa has produced a service pack that mitigates this vulnerability. AFFECTED PRODUCTS The following...
Trihedral Engineering Limited VTScada Integer Overflow Vulnerability
OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application. Trihedral Engineering Limited has produced a patch that mitigates this vulnerability. This vulnerability could be exploited...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02C Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 18, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products using the Sieme...
MatrikonOPC for DNP Unhandled C++ Exception
OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified an unhandled C++ exception in the MatrikonOPC DNP3 application. MatrikonOPC has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...
Advantech WebAccess Stack-based Buffer Overflow
OVERVIEW Ricardo Narvaja from Core Security Consulting Services discovered and disclosed information regarding a buffer overflow vulnerability (Core Security Advantech WebAccess Stack-based Buffer Overflow, http://www.coresecurity.com/advisories/advantech-webaccess-stack-based-buffer-overflow web...
ABB RobotStudio and Test Signal Viewer DLL Hijack Vulnerability
OVERVIEW Ivan Sanchez of WiseSecurity Team has identified a dll hijack vulnerability in the ABB RobotStudio and Test Signal Viewer applications. ABB has produced new versions that mitigate this vulnerability. Mr. Sanchez has tested the new version to validate that it resolves the vulnerability...
Elipse SCADA DNP3 Denial of Service
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 30, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial‑of‑service vulnerability in the Elipse SCADA application...
Nordex NC2 XSS Vulnerability
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-13-304-01 Nordex NC2 – Cross-Site Scripting Vulnerability that was published October 31, 2013, on the NCCIC/ICS-CERT web site. Independent researcher Darius Freamon identified a cross-site scripting vulnerability in the Nordex...
Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell...
IOServer Resource Exhaustion Vulnerability
OVERVIEW Chris Sistrunk of Mandiant and Adam Crain of Automatak have identified an out of bound read vulnerability in the IOServer application. IOServer has produced a new version that mitigates this vulnerability. Adam Crain has tested the new version to validate that it resolves the...
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
OVERVIEW This advisory was originally posted to the NCCIC/US-CERT secure Portal library on October 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Said Arfi has identified a memory access violation vulnerability in GE’s CIMPLICITY CimView application. GE has...
CareFusion Pyxis SupplyStation System Vulnerabilities
OVERVIEW Independent researcher Billy Rios identified authentication vulnerabilities in CareFusion’s Pyxis SupplyStation system. CareFusion has implemented additional controls to mitigate some of these vulnerabilities in the SupplyStation system. Some of the reported vulnerabilities could be...
GE Proficy HMI/SCADA DNP3 Driver Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 14, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Adam Crain of Automatak has identified an improper input validation in the DNP3 driver provided by Catapult Software...
Accuenergy Acuvim II Authentication Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 2, 2014, and is being released to the ICS-CERT web site. Independent researcher Laisvis Lingvevicius has identified two authentication vulnerabilities within the Accuenergy AXM-NET Ethernet module’s web...
Meinberg Radio Clocks LANTIME M-Series XSS
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 2, 2014, and is being released to the ICS-CERT web site. Martem Telecontrol Systems security researcher Aivar Liimets has identified a reflected cross‑site scripting vulnerability in the Meinberg Radio...
SchneiderWEB Server Directory Traversal Vulnerability
OVERVIEW Independent researcher Billy Rios has identified a directory traversal vulnerability in Schneider Electric’s SchneiderWEB, a web HMI. Schneider Electric has produced a firmware update that mitigates this vulnerability. Billy Rios has tested the update to validate that it resolves the...
Fox DataDiode Proxy Server CSRF Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 26, 2014, and is being released to the ICS-CERT web site. Tudor Enache of HelpAG identified a Cross-Site Request Forgery (CSRF) in the proxy server web administration interface for the Fox DataDiode...
Bash Command Injection Vulnerability
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-269-01 Bash Command Injection Vulnerability that was published September 26, 2014, on the NCCIC/ICS‑CERT web site. A command injection vulnerability has been reported in the Bourne again shell (bash). Bash is the...
Advantech WebAccess Vulnerabilities
OVERVIEW Researcher Ricardo Narvaja of Core Security Technologies has identified several buffer overflow vulnerabilities in Advantech’s WebAccess application. Advantech has produced a patch that mitigates these vulnerabilities. The researcher has tested the patch to validate that it resolves the...
Yokogawa CENTUM and Exaopc Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-260-01 Yokogawa CENTUM and Exaopc Vulnerability that was published September 17, 2014, on the NCCIC/ICS-CERT web site. Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication...
Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...
Rockwell Micrologix 1400 DNP3 DOS Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 11, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Matthew Luallen of CYBATI has identified a denial-of-service (DoS) vulnerability to the DNP3 implementation of the...
Schneider Electric VAMPSET Buffer Overflow
OVERVIEW Aivar Liimets of Martem AS has identified a buffer overflow vulnerability in Schneider Electric’s VAMPSET software product. He reported it directly to Schneider Electric who reported it to NCCIC/ICS-CERT once the problem was fixed. Schneider Electric has produced an update that mitigates...
Sensys Networks Traffic Sensor Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-247-01A Sensys Networks traffic sensor vulnerabilities that was published September 04, 2014, on the NCCIC/ICS-CERT web site. Researcher Cesar Cerrudo of IOActive has identified vulnerabilities in the Sensys...
CG Automation Improper Input Validation
OVERVIEW Researchers Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified an improper input validation vulnerability in the CG Automation ePAQ-9410 Substation Gateway DNP3 protocol components. CG Automation has produced an updated software that mitigates this vulnerability. CG...
Schneider Electric Wonderware Vulnerabilities
OVERVIEW Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server (WIS). Schneider Electric has produced an update that mitigates...
Siemens SIMATIC S7-1500 CPU Denial of Service
OVERVIEW Arnaud Ebalard from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) has reported a denial-of-service (DoS) vulnerability in Siemens SIMATIC S7-1500 CPU. Siemens produced a new firmware version that mitigates this vulnerability and then reported it to NCCIC/ICS-CERT. This...
Ecava Integraxor SCADA Server Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 12, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi identified an Improper Privilege Management vulnerability within Ecava’s IntegraXor SCADA Server and...
Morpho Itemiser 3 Hard-Coded Credential
OVERVIEW Independent researchers Billy Rios and Terry McCorkle have identified hard-coded credentials in the Morpho Itemiser 3. Morpho has not produced a patch, update, or new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The followin...
Siemens SIMATIC WinCC Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. Researchers Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai of Positive...
Omron NS Series HMI Vulnerabilities
OVERVIEW Researcher Joel Sevilleja Febrer of S2 Grupo has identified multiple vulnerabilities in Omron Corporation’s NS series human-machine interface (HMI) terminals. Omron Corporation has produced an update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely...
OleumTech WIO Family Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researchers Lucas Apa and Carlos Mario Penagos...
Cogent DataHub Code Injection Vulnerability
OVERVIEW NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then...
Advantech WebAccess Vulnerabilities
OVERVIEW NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an...
SubSTATION Server Telegyr 8979 Master Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on July 15, 2014, and is being released to the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a Buffer Overflow Vulnerability in the SUBNET Solutions Inc SUBNET,...
Innominate mGuard Unauthorized Leakage of System Data
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on July 8, 2014, and is being released to the NCCIC/ICS-CERT web site. The Applied Risk Research team has identified an unauthorized download of system information from Innominate mGuard devices. Innominate has...
Yokogawa Centum Buffer Overflow Vulnerability
OVERVIEW Researcher group Rapid7 has identified a buffer overflow vulnerability in Yokogawa CENTUM products. Yokogawa has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Yokogawa reports that the vulnerability affects the...
Honeywell FALCON XLWeb Controllers Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. Martin Jartelius of Outpost24 has identified an authentication bypass vulnerability in Honeywell FALCON XLWeb controllers. Juan Francisco Boliv...
Honeywell ScanServer ActiveX Control (Update A)
Overview --------- Begin Update A Part 1 of 3 ---------- This ICS-CERT Advisory is an update to ICSA-11-103-01 – Honeywell ScanServer ActiveX Control, which was originally released on April 13, 2011. A security research company, Secunia, has released a report of a use-after-free...