Blog Posts Tagged with "ICS-CERT"
ICS-CERT: Multiple PLC Zero-Day Vulnerabilities
January 24, 2012 Added by:Headlines
The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...
Comments (0)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
January 21, 2012 Added by:Headlines
Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...
Comments (0)
ICS-CERT: Schneider Quantum Ethernet Module Vulnerability
January 20, 2012 Added by:Headlines
Researcher Rubén Santamarta previously announced hard-coded credentials in the Schneider Electric Quantum Ethernet Module.Exploitation of these vulnerabilities may allow an attacker to gain elevated privileges, load modified firmware, or perform malicious activities on the system...
Comments (0)
ICS-CERT: General Electric D20ME PLC Vulnerability
January 20, 2012 Added by:Headlines
The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...
Comments (0)
ICS-CERT: Certec EDV GmbH App DoS Vulnerability
January 19, 2012 Added by:Headlines
Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability...
Comments (0)
ICS-CERT: Cogent DataHub Application Vulnerability
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
Comments (0)
ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
Comments (0)
ICS-CERT: Open Automation Software OPC Systems Vulnerability
January 13, 2012 Added by:Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...
Comments (0)
ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities
January 10, 2012 Added by:Headlines
Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...
Comments (0)
ICS-CERT: Control System Internet Accessibility Advisory
January 09, 2012 Added by:Headlines
The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack...
Comments (0)
ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerabilities
January 06, 2012 Added by:Headlines
Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...
Comments (0)
ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX
January 05, 2012 Added by:Headlines
Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...
Comments (0)
ICS-CERT: WellinTech’s Kingview SCADA Vulnerability
December 22, 2011 Added by:Headlines
"An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code... Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash..."
Comments (0)
ICS-CERT: 7-Technologies IGSS Data Server Vulnerability
December 21, 2011 Added by:Headlines
"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host..."
Comments (0)
ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerability
December 20, 2011 Added by:Headlines
"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components," the ICS-CERT advisory warns...
Comments (0)
ICS-CERT Issues New SCADA Vulnerability Advisory
December 14, 2011 Added by:Headlines
Santamarta uncovered multiple hidden accounts with default passwords in the systems that could allow an attacker to remotely access the network, view and modify the module's firmware, execute arbitrary malicious code, or cause a denial of service interruption...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)