February 2018
13.02.2018
US CERT (ICS)
Schneider Electric IGSS SCADA Software
Title
Schneider Electric IGSS SCADA Software
Published
Feb. 13, 2018, 4 p.m.
URL
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02
Summary
This advisory contains mitigation details for a security misconfiguration vulnerability in Schneider Electric's IDSS SCADA software.
06.02.2018
US CERT (ICS)
Vyaire Medical CareFusion Upgrade Utility Vulnerability
Title
Vyaire Medical CareFusion Upgrade Utility Vulnerability
Published
Feb. 6, 2018, 4 p.m.
URL
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01
Summary
This medical device advisory contains mitigation details for an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application.
05.02.2018
SIEMENS CERT
SSA-824231 (Last Update: 2018-02-05): Unauthenticated Firmware Upload Vulnerability in Desigo PXC
Title
SSA-824231 (Last Update: 2018-02-05): Unauthenticated Firmware Upload Vulnerability in Desigo PXC
Published
Feb. 5, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf
Summary
The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication. Siemens recommends updating to the new version.
01.02.2018
US CERT (ICS)
Fuji Electric V-Server VPR
Title
Fuji Electric V-Server VPR
Published
Feb. 1, 2018, 4:05 p.m.
URL
https://ics-cert.us-cert.gov/advisories/ICSA-18-032-01
Summary
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Fuji Electric V-Server VPR data collection and management service.
January 2018
25.01.2018
SIEMENS CERT
SSA-651454 (Last Update: 2018-01-25): Vulnerabilities in TeleControl Server Basic
Title
SSA-651454 (Last Update: 2018-01-25): Vulnerabilities in TeleControl Server Basic
Published
Jan. 25, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-651454.pdf
Summary
The latest update for TeleControl Server Basic resolves three vulnerabilities. One of these vulnerabilities could allow an authenticated attacker with network access to escalate his privileges and perform administrative actions. Siemens recommends updating to the new version.
24.01.2018
SIEMENS CERT
SSA-901333 (Last Update: 2018-01-24): KRACK Attacks Vulnerabilities in Industrial Products
Title
SSA-901333 (Last Update: 2018-01-24): KRACK Attacks Vulnerabilities in Industrial Products
Published
Jan. 24, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
Summary
Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication. Several Siemens Industrial ...
24.01.2018
SIEMENS CERT
SSA-731239 (Last Update: 2018-01-24): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
Title
SSA-731239 (Last Update: 2018-01-24): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
Published
Jan. 24, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
Summary
Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
18.01.2018
SIEMENS CERT
SSA-701708 (Last Update: 2018-01-18): Local Privilege Escalation in Industrial Products
Title
SSA-701708 (Last Update: 2018-01-18): Local Privilege Escalation in Industrial Products
Published
Jan. 18, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf
Summary
In non-default configurations several industrial products are affected by a vulnerability that could allow local Microsoft Windows operating system users to escalate their privileges. Siemens provides updates for several products and a temporary fix for the remaining affected products. Siemens is working on new versions for the remaining affected products ...
18.01.2018
SIEMENS CERT
SSA-284673 (Last Update: 2018-01-18): Vulnerability in Industrial Products
Title
SSA-284673 (Last Update: 2018-01-18): Vulnerability in Industrial Products
Published
Jan. 18, 2018, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf
Summary
Several industrial devices are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates for ...
11.01.2018
US CERT (ICS)
Meltdown and Spectre Vulnerabilities (Update G)
Title
Meltdown and Spectre Vulnerabilities (Update G)
Published
Jan. 11, 2018, 6:51 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update F) that was published March 1, 2018, on the NCCIC/ICS-CERT website.
11.01.2018
US CERT (ICS)
Meltdown and Spectre Vulnerabilities (Update F)
Title
Meltdown and Spectre Vulnerabilities (Update F)
Published
Jan. 11, 2018, 6:51 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01F
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01E Meltdown and Spectre Vulnerabilities that was published February 22, 2018, on the NCCIC/ICS-CERT web site.
11.01.2018
US CERT (ICS)
Meltdown and Spectre Vulnerabilities (Update J)
Title
Meltdown and Spectre Vulnerabilities (Update J)
Published
Jan. 11, 2018, 6:51 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update I) that was published September 11, 2018, on the NCCIC/ICS-CERT website.
11.01.2018
US CERT (ICS)
Meltdown and Spectre Vulnerabilities (Update H)
Title
Meltdown and Spectre Vulnerabilities (Update H)
Published
Jan. 11, 2018, 6:51 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update G) that was published April 27, 2018, on the NCCIC/ICS-CERT website.
11.01.2018
US CERT (ICS)
Meltdown and Spectre Vulnerabilities (Update I)
Title
Meltdown and Spectre Vulnerabilities (Update I)
Published
Jan. 11, 2018, 6:51 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update H) that was published July 10, 2018, on the NCCIC/ICS-CERT website.
December 2017
07.12.2017
US CERT (ICS)
WAGO PFC200
Title
WAGO PFC200
Published
Dec. 7, 2017, 10:11 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-341-01
Summary
NCCIC is aware of a public report of an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. According to this report, the vulnerability is exploitable by sending a TCP payload on the bound port. This report was released after attempted coordination with WAGO. NCCIC has notified ...
August 2017
04.08.2017
US CERT (ICS)
Eaton ELCSoft Vulnerabilities
Title
Eaton ELCSoft Vulnerabilities
Published
Aug. 4, 2017, 9:11 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-216-01-0
Summary
NCCIC/ICS-CERT is aware of a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. According to the public report, which was coordinated with ICS-CERT prior to its public release, researcher Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative, ...
July 2017
28.07.2017
US CERT (ICS)
CAN Bus Standard Vulnerability
Title
CAN Bus Standard Vulnerability
Published
July 28, 2017, 9:34 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01
Summary
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard. According to the public report, which was coordinated with ICS-CERT prior to its public release, researchers Andrea Palanca, Eric ...
25.07.2017
US CERT (ICS)
CRASHOVERRIDE Malware
Title
CRASHOVERRIDE Malware
Published
July 25, 2017, 6:45 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01
Summary
CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable ...
June 2017
30.06.2017
US CERT (ICS)
Petya Malware Variant (Update C)
Title
Petya Malware Variant (Update C)
Published
June 30, 2017, 11:09 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01C
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-181-01B Petya Malware Variant that was published July 5, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance ...
May 2017
16.05.2017
US CERT (ICS)
Indicators Associated With WannaCry Ransomware (Update I)
Title
Indicators Associated With WannaCry Ransomware (Update I)
Published
May 16, 2017, 1:16 a.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01I
Summary
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01H Indicators Associated With WannaCry Ransomware that was published May 31, 2017, on the NCCIC/ICS-CERT web site.
April 2017
12.04.2017
US CERT (ICS)
BrickerBot Permanent Denial-of-Service Attack (Update A)
Title
BrickerBot Permanent Denial-of-Service Attack (Update A)
Published
April 12, 2017, 5:02 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A
Summary
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-102-01A BrickerBot Permanent Denial-of-Service Attack that was published April 12, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of open-source reports of “BrickerBot” attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial ...
March 2017
14.03.2017
US CERT (ICS)
MEMS Accelerometer Hardware Design Flaws (Update A)
Title
MEMS Accelerometer Hardware Design Flaws (Update A)
Published
March 14, 2017, 3:10 p.m.
URL
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-073-01A
Summary
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-073-01 MEMS Accelerometer Hardware Design Flaws that was published March 14, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of public reporting of hardware design flaws in some capacitive micro-electromechanical systems (MEMS) accelerometer sensors, which are produced by ...

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
30.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds