Osama Bin Laden-Themed Phishing
Summary The intent of this advisory is to provide general guidance to public and private sector organizations and individuals on potential targeted phishing attacks often referred to as “spear phishing” with respect to the Osama Bin Laden related media reporting, and to offer some suggested metho...
Targeted Phishing Attacks
Summary This advisory is intended to provide general guidance to public and private sector organizations on events potentially triggering targeted phishing attacks often referred to as spear phishing and to offer some suggested methods that may minimize the likelihood of a successful attack. This...
Inductive Automation Ignition Information Disclosure Vulnerability
Overview ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI Plant Management Interface, offered by Inductive Automation. This vulnerability allows unauthorized users to download...
Triangle Research Nano 10 PLC Denial of Service
OVERVIEW Researcher Jon Christmas of Solera Networks has identified an improper input validation vulnerability in Triangle Research International, Inc.’s Tri Inc. Nano‑10 programmable logic controller PLC. Tri Inc. has produced a firmware upgrade and tested it to validate that the upgrade resolve...
QNX Multiple Vulnerabilities
OVERVIEW Independent researcher Luigi Auriemma identified a stack-based buffer overflow and a buffer copy without checking size of input vulnerabilities in QNX’s Phrelay, Phwindows, and Phditto products without coordination with ICS-CERT, the vendor, or any other coordinating entity known to...
Alstom Grid S1 Agile Improper Authorization
OVERVIEW This advisory provides mitigation details for a vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software. Note: Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This advisory only...
Monroe Electronics DASDEC Compromised Root SSH Key
OVERVIEW This advisory provides mitigation details for a vulnerability that impacts the Monroe Electronics DASDEC. Mike Davis, a researcher with IOActive, reported a compromised root SSH key vulnerability to CERT Coordination Center CERT/CC. This vulnerability is in Monroe Electronics DASDEC‑I an...
GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT-Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...
Siemens Scalance X200 IRT Multiple Vulnerabilities
OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens Scalance X200 IRT. Siemens has identified multiple vulnerabilities in Siemens Scalance X200 IRT. Siemens has produced an update that mitigates these vulnerabilities. Siemens has tested the update to...
Siemens COMOS Permissions, Privileges, and Access Controls
OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens COMOS database system. Siemens has identified a permissions, privileges, and access controls vulnerability in the Siemens COMOS database system. Siemens has produced software updates that mitigate this...
Siemens WinCC 7.2 Multiple Vulnerabilities
OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. Researchers Alexander Tlyapov, Sergey Gordeychik, and Timur Yunusov of Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC Web Navigator 7.2...
IOServer DNP3 Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper input validation in IOServer’s DNP3 driver software. IOServer has produced an updated software version that mitigates this vulnerability. Adam Crain and Chris Sistrunk updated and tested this versi...
3S CODESYS Gateway Use After Free
OVERVIEW Independent researcher Nicholas Miles has identified a vulnerability in the 3S CODESYS Gateway application that can result in a denial-of-service DoS condition. 3S has produced an update that mitigates this vulnerability. Nicholas Miles has tested this update and validates that it resolv...
Mitsubishi Electric Automation MX Component V3 ActiveX Vulnerability
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-13-091-01 Mitsubishi Electric Automation MX Buffer Overflow Vulnerability that was published April 1, 2013, on the ICS-CERT Web site. ICSA-13-091-01, http://ics-cert.us-cert.gov/alerts/ICSA-13-091-01, last accessed May 20, 2013...
Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)
Overview This updated advisory was originally posted to the US-CERT secure Portal library on February 5, 2013, and is now being released to the ICS-CERT Web page. Mitigation details for multiple vulnerabilities that impact third-party software integrated into the Invensys Wonderware Intelligence...
TURCK BL20 and BL67 Programmable Gateway Hard-Coded User Accounts
OVERVIEW Researcher Rubén Santamarta of IOActive has identified hard-coded user accounts in TURCK’s BL20 and BL67 Programmable Gateways. Exploitation of this vulnerability would allow an attacker to have remote administrative access to the device. This vulnerability affects programmable gateways...
Galil RIO-47100 Improper Input Validation
Overview This advisory provides mitigation details for a vulnerability affecting the Galil RIO-47100 “Pocket PLC.” Researcher Jon Christmas of Solera Networks has identified an improper validation vulnerability in the Galil RIO-47100 PLC, which can result in a loss of availability. Galil has...
Wonderware Information Server Vulnerabilities
Overview This advisory was originally posted to the US-CERT secure Portal library on April 23, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for multiple vulnerabilities that impact the Invensys Wonderware Information Server WIS software...
MatrikonOPC Multiple Product Vulnerabilities
Overview This advisory was originally posted to the US-CERT secure Portal library on April 16, 2013, and is now being released to the ICS-CERT Web page. Independent researcher Dillon Beresford of Cimation has identified vulnerabilities in two MatrikonOPC products; MatrikonOPC A&E Historian and...
Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability
Overview This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software. Independent researcher Michael Toecker of Digital Bond has identified an improper authorization vulnerability in the MiCOM S1 Studio Software using the Microsoft Attac...
Canary Labs Inc Trend Link Insecure ActiveX Control Method
Overview This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software. Researcher Kuang-Chun Hung of Security Research and Service Institute−Information and Communication Security Technology Center ICST has identified an insecure ActiveX control metho...
Cogent Real-Time Systems Vulnerabilities
Overview Dillon Beresford of Cimation has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent has produced an update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. Affected Products Cogent Real-Time Systems reports...
Rockwell Automation FactoryTalk and RSLinx Vulnerabilities
OVERVIEW --------- Begin Update A Part 1 of 4 -------- This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page. --------- End Update A Part 1 of 4...
Wind River VxWorks SSH and Web Server and General Electric D20MX
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Improper Input Validation --------- End Update A Part 1 of 4 --------- 2...
Rockwell Automation FactoryTalk RNADiagReceiver
Overview This Updated Advisory is a follow-up to the original Advisory titled “ICSA-12-088-01 – Rockwell Automation FactoryTalk RNADiagReceiver DOS Vulnerabilities” that was published March 28, 2012 on the ICS-CERT web page. This advisory is a follow-up to ICS-CERT Alert...
Ecava IntegraXor ActiveX Directory Traversal
Overview Independent researchers Billy Rios and Terry McCorkle have identified a Path Traversal vulnerability in the Ecava IntegraXor application. Ecava has produced an update that mitigates this vulnerability. The researchers have validated that the patch fixes this vulnerability. Affected...
Wonderware System Platform Buffer Overflows
Overview ICS-CERT originally released Advisory ICSA-12-081-01P on the US-CERT secure portal on March 21, 2012. This web page release was delayed to allow users time to download and install the update. Independent researcher Celil Unuver from SignalSec Corporation has identified two buffer overflo...
Microsoft Remote Desktop Protocol Memory Corruption Vulnerability
Overview ICS-CERT is aware of a public report of a Remote Desktop Protocol RDP vulnerability with proof-of-concept PoC exploit code affecting multiple Microsoft Windows operating systems. RDP is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to...
Siemens Automation License Manager Uncontrolled Resource Consumption
Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens Automation License Manager ALM. Siemens ProductCERT has identified an uncontrolled resource consumption vulnerability. SSA-783261, https://cert-portal.siemens.com/productcert/pdf/ssa-783261.pdf, Web site...
Wonderware Information Server Multiple Vulnerabilities
Overview ICS-CERT originally released Advisory “ICSA-12-062-01P - Invensys Wonderware Information Server Multiple Vulnerabilities” on the US-CERT secure portal on March 02, 2012. This web page release was delayed to allow users time to download and install the update. Independent security researche...
ABB Robot Communications Runtime Buffer Overflow
Overview ICS-CERT received a report from ABB and the Zero Day Initiative ZDI concerning a buffer overflow vulnerability in the Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers. This vulnerability was reported to ZDI by independent security...
Advantech WebAccess Vulnerabilities
OVERVIEW This advisory follows up on two previous ICS-CERT Alerts: “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011. http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15,...
GE Proficy Historian ihDataArchiver
Overview ICS-CERT originally released Advisory ICSA-12-032-01P on the US-CERT secure portal on March 02, 2012. This web page release was delayed to allow users time to download and install the update. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI...
GE Intelligent Platforms Proficy Real-Time Information Portal Directory Traversal
Overview If exploited, this vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI concerning a directory traversal vulnerability in the GE...
GE Intelligent Platforms Proficy Plant Applications Memory Corruption Vulnerabilities
Overview ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications. These vulnerabilities were reported to ZDI by independent security researcher Luigi...
Siemens SIMATIC WinCC Vulnerabilities
Overview This advisory is a follow-up to a previous advisory titled “ICSA-11-356-01 – Siemens HMI Authentication Vulnerabilities” that was published December 22, 2011, and an alert titled "ICS-ALERT-11-332-02A – Siemens SIMATIC WinCC Flexible Vulnerabilities" that was published December 2, 2011...
7-Technologies Termis DLL Hijacking
Overview ICS-CERT originally released Advisory ICSA-12-025-02P on the US-CERT secure portal on January 25, 2012. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Security Research and Service Institute−Information and...
MICROSYS PROMOTIC Vulnerabilities
Overview This advisory is a follow-up to ICS-ALERT-11-286-01 - MICROSYS PROMOTIC Vulnerabilities, released to the ICS-CERT Web page on October 12, 2011. Independent researcher Luigi Auriemma has identified and released three vulnerabilities in MICROSYS, spol. s r.o. PROMOTIC application without...
Ocean Data Systems Dream Reports XSS and Write Access Violation Vulnerabilities
Overview Independent researchers Billy Rios and Terry McCorkle identified cross-site scripting XSS and write access violation vulnerabilities in Ocean Data Systems Dream Report application. ICS-CERT has coordinated these vulnerabilities with Ocean Data Systems, which has produced a new version th...
Schneider Electric Quantum Ethernet Module Hard-Coded Credentials
OVERVIEW --------- Begin Update B Part 1 of 3 -------- This updated advisory is a follow-up to the updated advisory titled ICSA-12-018-01A Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on June 04, 2013, on the ICS-CERT Web site. It is also a follow-up to the...
Cogent DataHub XSS and CRLF
Overview ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Time Systems...
ING. Punzenberger COPA-DATA GMBH DoS Vulnerabilities
Overview ICS-CERT originally released Advisory ICSA-12-013-01P on the US-CERT secure portal on January 13, 2012. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Security Research and Service Institute--Information and...
Open Automation Software OPC Systems.NET Vulnerability
Overview This Advisory is a follow-up to “ICS-ALERT-11-285-01—Open Automation Software OPC Systems.NET Vulnerability” that was posted on the ICS-CERT website on October 12, 2011. Independent researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s...
3S CoDeSys Vulnerabilities
Overview This advisory is a follow-up to the alert update, ICS-ALERT-11-336-01A 3S CoDeSys Vulnerabilities, which was released on the ICS-CERT Web page on December 02, 2011. Security researcher Celil Unuver SignalSec LLC and independent researcher Luigi Auriemma have identified vulnerabilities in...
I-GEN opLYNX Central Authentication Bypass
Overview This advisory provides mitigation details for a vulnerability that impacts the i-GEN opLYNX Central software. Exploitation of this vulnerability would allow partial leakage of information and access to system settings. Independent researcher Anthony Cicalla has identified an authenticati...
Ruggedcom ROS Hard-Coded RSA SSL Private Key
Overview This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page, as a follow-up to the original ICS-CERT alert ICS-ALERT-12-234-01 RuggedCom ROS Key Management...
Carlo Gavazzi EOS Box Multiple Vulnerabilities
Overview This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...
Siemens ProcessSuite and Invensys Intouch Poorly Encrypted Password File
Overview This advisory provides mitigation details for a vulnerability that impacts Siemens ProcessSuite and Invensys Wonderware InTouch products. Researcher Seth Bromberger of NCI Security, LLC and independent researcher Slade Griffin have identified an insecure password storage vulnerability in...
Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 Fault Generation Vulnerability
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-12-342-01A Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller that was published December 11, 2012, on the NCCIC/ICS-CERT web site. Independent researcher Matthew Luallen of CYBATI has identified a fau...
GE Proficy HMI/SCADA Cimplicity Integer Overflow
OVERVIEW This updated advisory is a follow-up to the original ICS-CERT Advisory titled ICSA-12-341-01P—GE PROFICY HMI/SCADA CIMPLICITY INTEGER OVERFLOW that was published December 06, 2012, to the US-CERT secure Portal library. Researcher Kuang-Chun Hung of Information and Communication Security...