Post Oak Bluetooth Traffic Systems Insufficient Entropy Vulnerability
Overview This advisory provides mitigation details for a vulnerability that impacts Post Oak Traffic AWAM Bluetooth Reader Systems. An independent research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow all from the...
Sinapsi Devices Vulnerabilities
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...
ABB AC500 PLC Webserver CoDeSys Vulnerability
Overview ICS-CERT has been notified of a buffer overflow vulnerability in the ABB AC500 PLC Webserver application. Successful exploitation of this vulnerability could lead to a denial of service (DoS), affecting the availability of the service. This vulnerability is related to ICS-CERT Advisory,...
Siemens SiPass Server Buffer Overflow
OVERVIEW This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens SiPass server. Siemens has reported a buffer overflow vulnerability in the Siemens SiPass server. Lucas Apa of IOActive discovered this vulnerability and reported it directly to...
Korenix Jetport 5600 Series Hard-coded Credentials
Overview This advisory provides mitigation details for a vulnerability that impacts the Korenix JetPort 5600. Independent researcher Reid Wightman of Digital Bond identified undocumented hard-coded root credentials in the firmware of the Korenix JetPort 5600 system application without coordinatio...
Tropos Wireless Mesh Routers
Overview This advisory is a follow-up to the original advisory titled ICSA-12-297-01P—Tropos Wireless Mesh Routers Insufficient Entropy Vulnerability that was published October 23, 2012, on the ICS-CERT secure Portal library. This advisory provides mitigation details for a vulnerability that...
WellinTech KingView User Credentials Not Securely Hashed
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-212-02 WellinTech KingView User Credentials Not Securely Hashed that was published July 30, 2012, on the ICS-CERT Web page. Dr. Wesley McGrew of Mississippi State University has identified a default credential vulnerability in...
Siemens S7-1200 Web Application Cross Site Scripting
Overview This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens S7-1200 Web Application Module. Siemens has reported (SSA-279823, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last...
C3-ilex EOScada Multiple Vulnerabilities
Overview This Advisory is a follow-up release to the original Advisory which was posted to the US-CERT secure Portal library October 08, 2012. Dale Peterson of Digital Bond has identified multiple vulnerabilities in C3-ilex’s EOScada application that can result in data leakage and a...
Optimalog Optima PLC Multiple Vulnerabilities
Overview Independent researcher Luigi Auriemma identified a NULL Pointer Dereference and an Infinite Loop and released proof-of-concept exploit code for Optimalog’s Optima PLC application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. Optimalog...
Emerson DeltaV Buffer Overflow
Overview ICS-CERT originally released Advisory ICSA-12-265-01P on the US-CERT Portal on September 21, 2012. This web page release was delayed to provide the vendor time to contact customers concerning this information. Researcher Kuang-Chun Hung of the Security Research and Service...
Siemens S7-1200 Insecure Storage of HTTPS CA Certificate
Overview Siemens has reported (SSA-240718, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last accessed September 19, 2012) an insecure HTTPS certificate storage vulnerability in Siemens’ S7-1200 v2.x. Siemens has provided guidance to...
ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability
Overview Independent researcher Reid Wightman of Digital Bond (Korenix and ORing Use Crypto, http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/, Web site last accessed September 19, 2012) identified hard-coded credentials in the operating system of the ORing Industrial DIN-Rail...
Fultek WinTr Directory Traversal
Overview Researcher Daiki Fukumori of Cyber Defense Institute has identified a directory traversal vulnerability in Fultek’s WinTr SCADA application. Fultek was unable to validate this vulnerability and has not offered any mitigation plans. ICS-CERT has validated the vulnerability. This...
IOServer OPC Server Multiple Vulnerabilities
Overview Independent researcher Hinge of foofus.net has identified multiple vulnerabilities (IOServer “Root Directory” Trailing Backslash Web Server Vuln, http://www.foofus.net/?pageid=616, Web site last accessed September 13, 2012) in IOServer’s OPC Server application. IOServer has released a new...
Siemens WinCC WebNavigator Multiple Vulnerabilities
Overview Siemens has reported multiple vulnerabilities in the Siemens WinCC WebNavigator application. These vulnerabilities were originally reported directly to Siemens by Positive Technologies. Siemens has produced an update that mitigates these vulnerabilities. These vulnerabilities could be...
RealFlex RealWinDemo DLL Hijack
Overview Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in the RealFlex RealWinDemo application. RealFlex Technologies has produced an upgrade to address this vulnerability, which Mr...
WAGO IO 758 Default Linux Credentials
Overview This advisory updates the ICS-CERT Alert titled “ICS-ALERT-12-097-01 - WAGO IPC Vulnerabilities” that was posted on the ICS-CERT Web site on April 06, 2012. This alert detailed a vulnerability report of “hard-coded” credentials and improper access controls in the WAGO I/O System 758...
InduSoft ISSymbol ActiveX Control Buffer Overflow
Overview ICS-CERT received a report from Indusoft and the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow vulnerability affecting the InduSoft ISSymbol ActiveX control. This vulnerability was reported to ZDI by security researcher Alexander Gavrun. Successful exploitation of this...
Arbiter Systems Power Sentinel Denial-of-Service Vulnerability
Overview Arbiter Systems reported to ICS-CERT that a vulnerability that causes a denial of service (DoS) has been identified in Arbiter Systems Power Sentinel Phasor Measurement Unit. The vulnerability can be exploited remotely. Arbiter Systems has produced a patch that mitigates this vulnerability...
GarrettCom - Use of Hard-Coded Password
Overview Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of...
GE Intelligent Platforms Proficy Real-Time Information Portal Vulnerabilities
OVERVIEW This advisory is a follow-up to the previously updated portal advisory titled ICSA-12-234-01AP—GE Intelligent Platforms Proficy Real-Time Information Portal Multiple Vulnerabilities, which was published September 17, 2012, in the US-CERT secure Portal library. This advisory provides...
Tridium Niagara Vulnerabilities
OVERVIEW --------- Begin Update A Part 1 of 2 -------- This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium...
Siemens COMOS Database Privilege Escalation Vulnerability
Overview Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced an update that fixes this vulnerability. This vulnerability could be exploited remotely. Affected Products Siemens reports that the vulnerability affects the followin...
Siemens Synco OZW Default Password
Overview Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited...
Sielco Sistemi Winlog Multiple Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-12-213-01 - Sielco Sistemi Winlog Multiple Vulnerabilities that was published July 31, 2012, on the NCCIC/ICS-CERT web site. The updated advisory matches new CVE identifiers up with other publicly available...
Siemens SIMATIC S7-400 PN CPU DoS
Overview Siemens has reported to ICS-CERT that denial-of-service (DoS) vulnerabilities exist in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. Siemens has produced a firmware update that mitigates the vulnerability affecting the S7-400 V6. Siemens will not fix the vulnerability that...
ICONICS GENESIS32/BizViz Security Configurator Authentication Bypass Vulnerability
Overview Dr. Wesley McGrew of Mississippi State University has identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications, specifically in the Security Configurator component. This vulnerability allows an attacker to bypass...
Siemens SIMATIC STEP 7 DLL Vulnerability
Overview Siemens has released a software update for a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. Previous versions of SIMATIC STEP 7 and PCS 7 allowed the loading of malicious DLL files into the STEP 7 project folder that can be used to attack the system on which ST...
Siemens WinCC Insecure SQL Server Authentication
Overview Siemens has released a software update for an insecure SQL server authentication vulnerability in Siemens’ SIMATIC WinCC and SIMATIC PCS 7 software. Previous versions of SIMATIC WinCC use default SQL server credentials that allowed administrative access to the database. The default...
OSIsoft PI OPC DA Interface Buffer Overflow
Overview ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested b...
WellinTech KingView Multiple Vulnerabilities
Overview Independent researchers Carlos Mario Penagos Hollman and Dillon Beresford identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application. These vulnerabilities are exploitable remotely. WellinTech has created a patch and...
Pro-Face Pro-Server EX Vulnerabilities
Overview This advisory is a follow-up to the alert titled “ICS-ALERT-12-137-01 Pro-face Pro-Server EX Vulnerabilities,” that was published May 16, 2012, on the ICS-CERT Web page. Independent researcher Luigi Auriemma identified multiple vulnerabilities in the Pro-face Pro-Server EX application an...
Invensys Wonderware InTouch 10 DLL Hijack
Overview ICS-CERT originally released Advisory ICSA-12-177-01P on the US-CERT Portal on July 05, 2012. This web page release was delayed to provide the vendor time to contact customers concerning this information. Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled...
Wonderware SuiteLink Unallocated Unicode String Vulnerability
Overview This Advisory is a follow-up to the original ICS-CERT Alert titled ICS-ALERT-12-136-01 Wonderware SuiteLink Unallocated Unicode String that was published May 15, 2012 on the ICS-CERT web page. Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string...
Innominate MGuard Weak HTTPS and SSH Keys
Overview An independent research group comprised of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line. By impersonating the device, an attacker can obtain the credentials of...
Siemens WinCC Multiple Vulnerabilities
Overview Independent researchers Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov from Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC application. In evaluating these reported...
Honeywell HMIWeb Browser Buffer Overflow Vulnerability
OVERVIEW This advisory was originally posted on the US-CERT secure portal library titled ICSA-12-150-01P Honeywell HMIWeb Browser Buffer Overflow Vulnerability to allow customers time to download the vendor patch prior to full public disclosure. ICS-CERT received a report from Honeywell and t...
RuggedCom Weak Cryptography for Password Vulnerability
Overview --------- Begin Update A Part 1 of 2 -------- This is an update to the original advisory titled ICSA-12-146-01—RuggedCom Weak Cryptography for Password Vulnerability that was published May 25, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke identified a default...
Measuresoft ScadaPro DLL Hijack
Overview Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application. Measuresoft has produced an upgrade to address this vulnerability. Mr...
xArrow Multiple Vulnerabilities
Overview This advisory is a follow-up to ICS-ALERT-12-065-01 xArrow Vulnerabilities that was published March 05, 2012. Independent security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application without...
Emerson DeltaV Multiple Vulnerabilities
Overview ICS-CERT originally released Advisory ICSA-12-138-01P to the US-CERT secure portal on May 17, 2012, and released Update A on May 21, 2012. This web page release including Update A was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Securi...
Advantech Studio ISSymbol ActiveX Buffer Overflow
Overview This advisory is a follow-up to the original alert titled ICS-ALERT-11-131-01 - Advantech Studio ISSymbol ActiveX Buffer Overflow Vulnerabilities that was published May 11, 2011, on the ICS-CERT web page. A remote attacker could exploit these vulnerabilities; publicly available exploit...
GE Intelligent Platforms Proficy HTML Help Vulnerabilities
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Intelligent Platforms Vulnerabilities: Stack-based Buffer Overflow, Command Injection 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Progea Movicon Memory Corruption Vulnerability
Overview Security researcher Dillon Beresford of IXIA (http://www.ixiacom.com/, website last accessed May 10, 2012) has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker; however, no public exploits are currently...
WellinTech KingSCADA Insecure Password Encryption
Overview This advisory is a follow-up to the alert titled “ICS-ALERT-12-020-06 - WellinTech KingSCADA Insecure Password Encryption Vulnerability” that was published January 20, 2012, on the ICS-CERT web page. Independent researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an...
WellinTech KingView DLL Hijack Vulnerability
Overview Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability. Affected...
Certec atvise webMI2ADS Vulnerabilities
Overview This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-283-02 – Certec atvise webMI Vulnerabilities, released to the ICS-CERT web page on October 10, 2011. Independent researcher Luigi Auriemma has identified vulnerabilities in Certec’s webMI2ADS application. These...
Siemens Scalance S Multiple Security Vulnerabilities
Overview ICS-CERT has received a report from Siemens regarding two security vulnerabilities in the Scalance S Security Module firewall. This vulnerability was reported to Siemens by Adam Hahn and Manimaran Govindarasu for coordinated disclosure. The first issue is a brute-force credential guessin...
Siemens Scalance X Buffer Overflow Vulnerability
Overview ICS-CERT has received a report from Siemens regarding a buffer overflow vulnerability in the web interface of the Scalance X Industrial Ethernet switch. This vulnerability was reported to Siemens by Jürgen Bilberger from Daimler TSS GmbH. This vulnerability leaves the affected devices...