SIEMENS CERT
01/18/2018
Several industrial devices are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates for …
CISA (ICS)
04/05/2011
Overview This ICS-CERT Advisory is a follow-up to ICS-ALERT-11-080-01 . An independent researcher has identified six vulnerabilities in the Siemens Tecnomatix FactoryLink supervisory control and data acquisition (SCADA) product. The researcher has also publicly released exploit code. The researcher identified the following vulnerabilities types: Buffer overflow (2 vul) Absolute Path …
CISA (ICS)
03/26/2011
Overview The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk to critical infrastructure. In a recent …
CISA (ICS)
03/23/2011
Overview ICS-CERT has received a report from independent security researcher Dan Rosenberg with Virtual Security Research (VSR) of an unauthenticated Structured Query Language (SQL) vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation, and remote code execution against the backend host running …
CISA (ICS)
03/15/2011
Overview This advisory is a follow-up to ICS-ALERT-11-066-01 - WellinTech KingView 6.53 ActiveX Vulnerability , published on the ICS-CERT Web page on March 7, 2011. An independent security researcher reported a stack-based buffer overflow vulnerability in an ActiveX control in WellinTech KingView V6.53. The researcher has publicly released exploit code …
CISA (ICS)
03/02/2011
Overview An independent security researcher has published information to a vulnerability disclosure website regarding a buffer overflow vulnerability in the Wonderware InBatch and I/A Series Batch software products (all supported versions). According to the researcher’s report, the service listening on TCP Port 9001 is vulnerable to a buffer overflow that …
CISA (ICS)
02/15/2011
Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The following ClearSCADA versions are affected: ClearSCADA 2005 (all versions) ClearSCADA 2007 (all versions) ClearSCADA 2009 (all versions …
CISA (ICS)
02/11/2011
Overview McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon,”McAfee, http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, accessed February 10, 2011. which describes advanced persistent threat activity designed to obtain sensitive data from targeted organizations in the global oil, energy, and petrochemical industries. According to the report, this activity began in 2009 or …