Schneider Electric Authenticated Communication Risk Vulnerability
OVERVIEW ICS-CERT received a report from Schneider Electric concerning an Authenticated Communication Risk vulnerability in the Schneider Electric Software Update SESU utility. This vulnerability was reported to Schneider Electric by security researcher Arthur Gervais. The SESU is a centralized...
Siemens SIMATIC RF Manager ActiveX Buffer Overflow
Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens SIMATIC RF Manager. Siemens has identified a buffer overflow vulnerability in the ActiveX component of the SIMATIC RF Manager. Siemens has produced a patch that mitigates this vulnerability. Successful...
SpecView Directory Traversal
Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-214-01 SpecView Directory Traversal that was published August 01, 2012, on the ICS-CERT Web. This advisory provides mitigation details for a vulnerability, which impacts SpecView products. Independent researcher Luigi...
Rockwell Automation ControlLogix PLC Vulnerabilities
Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-020-02A—Rockwell Automation ControlLogix PLC Vulnerabilities that was published February 14, 2012, on the ICS-CERT Web page. Independent researcher Rubén Santamarta of IOActive identified vulnerabilities in Rockwell...
NovaTech Orion DNP3 Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the NovaTech Orion Substation Automation Platform. NovaTech has produced a firmware update that mitigates this vulnerability. The researchers have tested the...
Schneider Electric CitectSCADA Products Exception Handler Vulnerability (Update A)
OVERVIEW --------- Begin Update A Part 1 of 1 -------- This updated advisory is a follow-up to the original advisory titled ICSA-13-350-01 Schneider Electric SCADA Products Exception Handler Vulnerability that was published February 25, 2014, on the NCCIC/ICS-CERT web site. This advisory was...
Siemens COMOS Privilege Escalation
OVERVIEW Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated...
Cooper Power Systems Cybectec DNP3 Master OPC Server Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in Cooper Power Systems Cybectec DNP3 Master OPC Server software. Cooper Power Systems has discontinued the OPC server and recommends that customers use the SMP...
Cooper Power Systems Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. Coope...
WellinTech Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 10, 2013, and is now being released to the NCCIC/ICS-CERT Web site. NCCIC/ICS-CERT received reports from the Zero Day Initiative ZDI regarding a remote code execution vulnerability and an information...
RuggedCom ROS Multiple Vulnerabilities
OVERVIEW Siemens has reported to NCCIC/ICS-CERT multiple vulnerabilities in the RuggedCom Rugged OS ROS. Siemens has produced a firmware update that mitigates these vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to hijack an active Web session and access...
Siemens SINAMICS S/G Authentication Bypass Vulnerability
OVERVIEW Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could...
Elecsys Director Gateway Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate th...
ClearSCADA Remote Authentication Bypass
Overview ICS-CERT originally released Advisory ICSA-11-173-01P “ClearSCADA Remote Authentication Bypass”, on the US-CERT Portal on June 22, 2011. This web page release was delayed to allow users sufficient time to download and install this update. Independent security researcher Jeremy Brown has...
Rockwell RSLinx EDS Vulnerability
Overview ICS-CERT has received a report from Michael Orlando of CERT Coordination Center CERT/CC identifying a vulnerability in Rockwell Automation Electronic Data Sheet EDS Hardware Installation Tool. This tool is bundled with RSLinx Classic for normal distribution. The install tool exhibits a...
ICONICS GENESIS32 Multiple Memory Corruption
Overview Independent security researchers Billy Rios and Terry McCorkle have identified eight memory corruption vulnerabilities affecting the ICONICS GENESIS32 product. GENESIS32 is a web-deployable human-machine interface HMI supervisory control and data acquisition SCADA product. These...
Ecava IntegraXor DLL Hijacking (Update B)
Overview This advisory is a follow-up to ICS-ALERT-10-362-01—Ecava IntegraXor DLL Hijacking. ICS-CERT has become aware of an Uncontrolled Search Path Element vulnerability, commonly referred to as DLL Hijacking, in the Ecava IntegraXor supervisory control and data acquisition SCADA product. ICS-CE...
Triangle Research Nano-10 PLC Improper Input Validation
OVERVIEW Researcher Wei Gao of IXIA has identified an improper input validation vulnerability in Triangle Research International, Inc.’s TRi Inc. Nano‑10 programmable logic controller PLC. IXIA Web site...
Siemens WinCC Exploitable Crashes
Overview ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from independent security researchers Billy Rios and Terry...
Catapult Software DNP3 Driver Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in Catapult Software’s DN...
GE Proficy DNP3 Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. General Electric GE Intelligent Platforms reported to NCCIC/ICS-CERT an improper input validation vulnerability in the DNP3 driver used...
WellinTech KingView ActiveX Vulnerabilities
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-13-256-01 WellinTech KingView ActiveX Vulnerabilities (http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-256-01, Web site last accessed October 22, 2013) that was...
Alstom e-Terracontrol DNP3 Master Improper Input Validation (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-282-01, Alstom e‑terra control DNP3 Master Improper Input Validation, which was posted to the NCCIC/ICS‑CERT Web site October 09, 2013. Adam Crain of Automatak and independent researcher Chris Sistrunk have...
Philips Xper Buffer Overflow Vulnerability
OVERVIEW Independent researcher Billy Rios has identified a heap-based buffer overflow in the Philips Xper application. Philips has produced an update that mitigates this vulnerability. Philips has tested the update and verified that it resolves the vulnerability. This vulnerability could be...
Invensys Wonderware InTouch Improper Input Validation Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application. Independent...
Siemens SCALANCE X-200 Authentication Bypass Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 01, 2013, and is now being released to the ICS-CERT Web page. Siemens has identified an authentication bypass vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of...
Emerson ROC800 Multiple Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...
Emerson ROC800 Multiple Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-259-01 Emerson ROC800 Multiple Vulnerabilities that was published September 26, 2013, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...
Siemens SCALANCE X-200 Web Hijack Vulnerability
OVERVIEW Siemens has identified a Web hijack vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of IOActive coordinated disclosure of the vulnerability with Siemens. Siemens has produced a firmware update that mitigates this vulnerability. This vulnerability...
SUBNET Solutions Inc. SubSTATION Server DNP3 Outstation Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the SUBNET Solutions Inc. SubSTATION Server software application. SUBNET Solutions Inc. has produced a new version that mitigates this vulnerability. SUBNET Solutions Inc. ha...
ProSoft Technology RadioLinx ControlScape PRNG Vulnerability
OVERVIEW Lucas Apa and Carlos Mario Penagos Hollman, security researchers with IOActive, have identified a weak pseudo-random number generator PRNG seed in the ProSoft Technology RadioLinx ControlScape application software. ProSoft Technology has produced a new firmware patch that mitigates this...
Triangle MicroWorks Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...
Schneider Electric Trio J-Series Radio Encryption
OVERVIEW Schneider Electric has self-reported a hard-coded encryption key vulnerability in Schneider Electric’s J-Series Radios. Schneider Electric has produced a patch that mitigates this vulnerability and has published a customer security notification. Schneider Electric Cybersecurity...
Top Server OPC Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have test...
Siemens COMOS Privilege Escalation Vulnerability
OVERVIEW Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS The following Siemens COMOS versions are affected: All COMOS versions prior to 9.1 COMOS 9.1:...
Sixnet Universal Protocol Undocumented Function Codes (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...
Kepware Technologies Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this...
Advantech WebAccess Cross-Site Scripting
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-13-009-01 Advantech WebAccess Cross-Site Scripting that was published January 9, 2013, on the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability in Advantech’s WebAccess application. Independent...
OSIsoft Multiple Vulnerabilities
OVERVIEW OSIsoft has identified multiple vulnerabilities in the PI Interface for IEEE C37.118 and reported them to ICS-CERT. OSIsoft has produced a software update that mitigates these vulnerabilities. OSIsoft has tested the software update to validate that it resolves the vulnerabilities...
Schweitzer Engineering Laboratories Improper Input Validation
Overview Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper DNP3 input validation in Schweitzer Engineering Laboratories’ real-time automation controllers RTAC. Schweitzer Engineering Laboratories SEL has produced updated firmware that mitigates this...
Vendor Admin Accounts Warning
Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on...
MOXA Weak Entropy in DSA Keys Vulnerability
Overview Researcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in MOXA OnCell Gateways. MOXA produced and released a firmware upgrade ...
Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability
Overview Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has...
MatrikonOPC SCADA DNP3 Master Station Improper Input Validation
OVERVIEW This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in...
Siemens Scalance W-7xx Product Family Multiple Vulnerabilities
OVERVIEW Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the...
IOServer Master Station Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the IOServer DNP3 Driver on the master station. IOServer has produced a new version that mitigates this vulnerability. The researchers have tested the new versi...
Siemens WinCC TIA Portal Vulnerabilities
OVERVIEW Researchers Timur Yunusov and Sergey Bobrov of Positive Technologies have identified several vulnerabilities in the Siemens WinCC TIA Portal. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it...
Invensys Wonderware HMI Reports XSS and Write Access Violation Vulnerabilities
Overview Independent security researchers Billy Rios and Terry McCorkle have identified cross-site scripting XSS and write access violation vulnerabilities in the Invensys Wonderware HMI reports product. ICS-CERT has coordinated these two vulnerabilities with Invensys, which has produced a new...
Honeywell TEMA Remote Installer ActiveX Vulnerability
Overview Industrial Control Systems Cyber Emergency Response Team ICS-CERT received a report from independent security researchers Billy Rios and Terry McCorkle concerning a vulnerability affecting Honeywell Enterprise Buildings Integrator EBI software systems that have Temaline physical access...
Ecava IntegraXor XSS
Overview ICS-CERT received a report from an anonymous security researcher concerning several cross site scripting XSS vulnerabilities in the Ecava IntegraXor SCADA product. ICS-CERT has worked with the researcher and Ecava to validate these vulnerabilities. Ecava has developed a patch release of...