ICS-CERT Advisory 14-238-02 - Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server (WIS). Schneider Electric has produced an update that mitigates these vulnerabilities. Some of these vulnerabilities could be exploited remotely.
e850a4bb6ae07055ff00878ae3e6e5133655aa4d07e4084a152cb16a2cd12e30
ICS-CERT Advisory 13-079-02 - This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Independent researcher Sergey Gordeychik of Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has produced a software update that fully resolves these vulnerabilities. Exploitation of these vulnerabilities could allow a denial of service (DoS) condition, unauthorized read access to files, or remote code execution. This could affect multiple industries, including food and beverage, water and wastewater, oil and gas, and chemical sectors worldwide. These vulnerabilities could be exploited remotely.
e86d7625da69e96f25c03a09637a085e26ecba22b2bf0dd2a1cd0873bb1460d9
ICS-CERT Advisory 12-271-01 - This Advisory is a follow-up release to the original Advisory which was posted to the US-CERT secure Portal library on October 08, 2012. Dale Peterson of Digital Bond has identified multiple vulnerabilities in C3-ilex's EOScada application that can result in data leakage and a denial-of-service (DoS) condition. C3-ilex has produced a patch that resolves these vulnerabilities.
2dbc28bc1abdae2611ac393447f9f3c191203496af620601f16a8d74aa1efb70
ICS-CERT Advisory 12-243-01 - Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of access to the system to escalate the attacker’s privilege to the administrative level. The attacker must have access to a logon account on the device to exploit this vulnerability. GarrettCom has produced a patch that mitigates this vulnerability.
71f6ced785250177950747b2672a05eeff6721af0e798ee700d0e98c8b4b363b
ICS-CERT Advisory 12-234-01 - ICS-CERT is aware of a public report of a hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability, with proof-of-concept (PoC) exploit code, was publicly presented by security researcher Justin W. Clarke of Cylance Inc. According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device.
ccc2e9d5add6093115adb23c1f03197a8b414917e07e5bc98ead1c99683d33a0
ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.
a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
ICS-Alert 11-346-01 - On December 12, 2011, independent security researcher Rubén Santamarta publicly announced details of multiple vulnerabilities affecting the Schneider Electric Quantum Ethernet Module. Prior to publication, Mr. Santamarta notified ICS-CERT of the vulnerabilities. ICS-CERT is coordinating mitigations with Mr. Santamarta and Schneider Electric. Schneider has produced a fix for two of the reported vulnerabilities and is continuing to develop additional mitigations.
9778d7636ef3e4a79ff7e21dffc414c0bcb49002566536caf10085dd1ba06dcc