CISA (ICS)
02/08/2011
Overview ICS-CERT has received a report from independent security researcher Jeremy Brown that a remote heap corruption vulnerability exists in IGSS (Interactive Graphical SCADA System) Version 8 from 7-Technologies (7T). 7T has verified the vulnerability and has developed a patch. Affected Products This vulnerability affects only IGSS Versions 8 and …
CISA (ICS)
01/25/2011
Overview The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing this advisory as a follow up to yesterday’s …
CISA (ICS)
01/18/2011
Overview The ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has developed a patch to address this vulnerability. The …
CISA (ICS)
01/17/2011
Overview Independent researcher Luigi Auriemma reported a stack overflow vulnerability in Version 2.07.00 of the Sielco Sistemi WinLog Lite and Winlog Pro HMI software. Sielco Sistemi has developed an update (Version 2.07.01) to address this vulnerability. The researcher has verified that the update is effective in correcting this vulnerability. Affected …
CISA (ICS)
01/17/2011
Overview This advisory is a follow-up to ICS-ALERT-11-011-01 WellinTech Kingview Buffer Overflow , published on the ICS-CERT Web site on January 11, 2011. Independent security researcher Dillon Beresford reported a heap overflow vulnerability in WellinTech KingView V6.53, which may allow a remote, unauthenticated attacker to execute arbitrary code. ICS-CERT has …
CISA (ICS)
01/02/2011
Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the test web server bundled with Advantech Studio Version 6.1. This web server is intended to be used for testing purposes and should not be used in a production …
CISA (ICS)
12/28/2010
Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal , published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow data leakage. ICS-CERT is currently in …
CISA (ICS)
12/15/2010
OVERVIEW This advisory is a follow-up to ICS-ALERT-10-293-01 - Intellicom NetBiter WebSCADA Vulnerabilities , published on the ICS-CERT Web page on October 20, 2010. On October 1, 2010 independent researchers identified vulnerabilities in the Intellicom NetBiter Supervisory Control and Data Acquisition (SCADA) applications. A directory traversal vulnerability is present in …