esorics2020-icsa_alert.json
[
{
"icsa_id": "ICSA-10-070-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-070-01A",
"icsa_release": "2010-05-03T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "Rockwell Automation RSLinx Classic EDS Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Rockwell Automation",
"icsa_oneliner": " A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required."
},
{
"icsa_id": "ICSA-10-070-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-070-02",
"icsa_release": "2010-03-10T00:00:00",
"icsa_update": "2014-10-23T00:00:00",
"icsa_description": "Rockwell PLC5/SLC5/0x/RSLogix Security Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "Rockwell Automation",
"icsa_oneliner": " Rockwell Automation has identified a security vulnerability in the programming and configuration client software authentication mechanism employed by certain versions of the PLC-5 and SLC 5/0x family of programmable controllers."
},
{
"icsa_id": "ICSA-10-090-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-090-01",
"icsa_release": "2010-03-31T00:00:00",
"icsa_update": "2014-01-20T00:00:00",
"icsa_description": "Mariposa Botnet",
"icsa_is_update": "0",
"icsa_vendor": "Other",
"icsa_oneliner": " ICS-CERT has received reports and investigated infections of the Mariposaa botnet, which have affected the business networks of multiple control system owners in recent months. ICS-CERT has no information to indicate that these infections have specifically targeted United States Critical Infrastructure and Key Resources (CIKR), or any specific sector or organization."
},
{
"icsa_id": "ICSA-10-097-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-097-01",
"icsa_release": "2010-04-27T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "ABB NETCADOPS HELP SYSTEM VULNERABILITY",
"icsa_is_update": "1",
"icsa_vendor": "ABB",
"icsa_oneliner": " A cross-site scriptinga vulnerability exists in the system used by the ABB Electrical Distribution Management System (DMS) product netCADOPS to generate online Help."
},
{
"icsa_id": "ICSA-10-147-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-147-01",
"icsa_release": "2010-05-27T00:00:00",
"icsa_update": "2014-09-09T00:00:00",
"icsa_description": "Cisco Network Building Mediator",
"icsa_is_update": "1",
"icsa_vendor": "Cisco",
"icsa_oneliner": " Cisco has identified multiple security vulnerabilitiesa in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. The following vulnerabilities have been identified: default credentials, privilege escalation, unauthorized information interception, and unauthorized information access. Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device."
},
{
"icsa_id": "ICSA-10-201-01C",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-201-01C",
"icsa_release": "2010-08-02T00:00:00",
"icsa_update": "2014-01-08T00:00:00",
"icsa_description": "USB Malware Targeting Siemens Control Software (Update C)",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " VirusBlokAda, an antivirus vendor based in Belarus, announceda the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this zero-day vulnerability and exploits systems after users open a USB drive with a file manager capable of displaying icons (like Windows Explorer). US-CERT has released a Vulnerability Noteb detailing the vulnerability and suggested workarounds. Microsoft has also released a Security Advisory (2286198)c detailing the previously unknown vulnerability. ICS-CERT has confirmed the malware installs a trojan that interacts with installed SIMATIC® WinCC or SIMATIC® Siemens STEP 7 software and then makes queries to any discovered SIMATIC® databases. The full capabilities of the malware and intent or results of the queries are not yet known. ICS-CERT is coordinating with Siemens CERT, CERT/CC, Microsoft, and other groups both domestically"
},
{
"icsa_id": "ICSA-10-214-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-214-01",
"icsa_release": "2010-08-02T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Wind River VxWorks Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Wind River",
"icsa_oneliner": " A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU#362332) and a weak hashing algorithm used in authentication (VU#840249). ICS-CERT has been coordinating with CERT/CC in alerting control systems vendors of these vulnerabilities. ICS-CERT will continue to coordinate and publish updates as needed."
},
{
"icsa_id": "ICSA-10-228-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-228-01",
"icsa_release": "2010-08-16T00:00:00",
"icsa_update": "2013-05-08T00:00:00",
"icsa_description": "Vendor Admin Accounts Warning",
"icsa_is_update": "0",
"icsa_vendor": "Other",
"icsa_oneliner": " An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on those systems. The addition of an administrative account to an ICS network with the password known by a contract company increases the cybersecurity risk to the asset owner. This advisory highlights existing practices that may adversely impact the cybersecurity of industrial control systems (ICS) environments relative to malicious actors."
},
{
"icsa_id": "ICSA-10-238-01B",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-238-01B",
"icsa_release": "2010-09-15T00:00:00",
"icsa_update": "2014-01-08T00:00:00",
"icsa_description": "Stuxnet Malware Mitigation (Update B)",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities and intent. As the analysis has progressed, understanding of the malware sophistication has continued to increase. Stuxnet makes use of a previously unpatched Windows vulnerability and a digitally signed kernel-mode rootkit. There have been two digital certificates used to sign this rootkit. The original certificate was revoked. Subsequently, a second variant was discovered in which the same rootkit was signed with a different key, which has also been revoked. With approximately 4,000 functions, Stuxnet contains as much code as some commercial software products. The complex code is object oriented and employs many programming techniques that demonstrate advanced knowledge in many areas, including the Windows operating system, Microsoft SQL Server, Siemens software, and Siemens PLCs. The malware also employs many advanced anti-analysis techniques that make reverse engineering difficult and time consuming. ICS-CERT has identified that while USB drives appear to be a primary infection mechanism, Stuxnet can also infect systems through network shares and SQL databases. The Stuxnet malware stores dropped files in many locations on a target system. The infection mechanism is complex, and the exact files that may be dropped will vary depending on the system it is infecting. After infecting a system, the malware gathers extensive data from MS SQL server, Windows registry, and application software. Once the malware has installed itself on a system, it employs many evasive techniques, including bypassing antivirus software, advanced process injection, hooking useful functions by kernel-mode rootkits, and the quick removal of temporary files. ICS-CERT is continuing to reverse engineer and analyze this malware. Because of the malware’s complexity, this work is expected to take some time."
},
{
"icsa_id": "ICSA-10-264-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-264-01",
"icsa_release": "2010-09-21T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "SCADA Engine",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-10-260-01 SCADA Engine BACnet OPC Client Buffer Overflow, which was published on the ICS-CERT Web site on September 17, 2010. A buffer overflow vulnerability has been reporteda in SCADA Engine’s BACnet OPC Client. Using a specially crafted malicious file, this vulnerability could allow an attacker to crash the application and execute arbitrary code. A software update is available that resolves this vulnerability. ICS-CERT is aware that exploit code for this vulnerability is publicly available.b However, ICS-CERT has not received any reports of the vulnerability being exploited in the wild."
},
{
"icsa_id": "ICSA-10-272-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-272-01",
"icsa_release": "2010-09-29T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Primary Stuxnet Advisory",
"icsa_is_update": "1",
"icsa_vendor": "Other",
"icsa_oneliner": " ICS-CERT has been actively investigating and reporting on the Stuxnet vulnerability. To date, ICS-CERT has released ICSA-10-201-01 - Malware Targeting Siemens Control Software (including Updates B & C) and ICSA-10-238-01 - Stuxnet Mitigations (including Update B). Stuxnet uses four zero-day exploits (two of which have been patched) and takes advantage of a vulnerability also exploited by Conficker, which has been documented in Microsoft Security Bulletin MS-08-067.a The known methods of propagation include infected USB devices, network shares, STEP 7 Project files, WinCC database files, and the print spooler vulnerability addressed by MS-10-061.b The malware can be updated through a command and control infrastructure as well as peer-to-peer communication using the Remote Procedure Call (RPC) protocol. The malware also interacts with Siemens SIMATIC WinCC or SIMATIC STEP 7 software. Exact software versions and configurations that may be affected are still being analyzed jointly by ICS-CERT and Siemens. We have listed the following indicators for use in detecting this malware."
},
{
"icsa_id": "ICSA-10-301-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-301-01A",
"icsa_release": "2010-11-10T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "MOXA Device Manager Buffer Overflow (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Moxa",
"icsa_oneliner": ""
},
{
"icsa_id": "ICSA-10-313-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-313-01",
"icsa_release": "2010-11-08T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "RealFlex RealWin Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "RealFlex Technologies",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-10-305-01 RealFlex RealWin Buffer Overflows, which was published on the ICS-CERT Web site on November 01, 2010. On October 15, 2010 an independent security researcher posted informationa regarding vulnerabilities in RealFlex Technologies Ltd. RealWin SCADA software products. The security researcher’s analysis indicated that successful exploitation of these vulnerabilities can lead to arbitrary code execution and control of the system. RealFlex Technologies has validated the researcher’s findings and released an updateb to resolve these issues. ICS-CERT has verified that the software update resolves the vulnerabilities highlighted by the researcher."
},
{
"icsa_id": "ICSA-10-314-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-314-01A",
"icsa_release": "2011-02-15T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "ClearScada Vulnerabilities (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Schneider Electric",
"icsa_oneliner": " Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow VulnerabilityCross-site Scripting VulnerabilitiesInsecure Web Authentication."
},
{
"icsa_id": "ICSA-10-316-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-316-01A",
"icsa_release": "2010-12-15T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Intellicom NetBiter WebSCADA Vulnerabilities (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Intellicom",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-10-293-01 - Intellicom NetBiter WebSCADA Vulnerabilities, published on the ICS-CERT Web page on October 20, 2010. On October 1, 2010 independent researchers identified vulnerabilities in the Intellicom NetBiter Supervisory Control and Data Acquisition (SCADA) applications. A directory traversal vulnerability is present in all affected devices that lead to local file disclosure. The ability to upload malicious web content using a custom logo page is also possible. All of the reported vulnerabilities require superadmin privileges. If the default password is not changed, the vulnerability can be leveraged to gain additional access to an affected device’s file system."
},
{
"icsa_id": "ICSA-10-322-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-322-01",
"icsa_release": "2010-12-14T00:00:00",
"icsa_update": "2013-04-29T00:00:00",
"icsa_description": "Ecava IntegraXor Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Ecava",
"icsa_oneliner": " The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code. Ecava has verified the claim and has released a patch to mitigate the vulnerability (igsetup-3.5.3900.10.msi or later)."
},
{
"icsa_id": "ICSA-10-322-02A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-322-02A",
"icsa_release": "2010-11-17T00:00:00",
"icsa_update": "2013-08-28T00:00:00",
"icsa_description": "Automated Solutions OPC Vulnerability (Update)",
"icsa_is_update": "1",
"icsa_vendor": "Automated Solutions",
"icsa_oneliner": " The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a heap corruption vulnerability in the Automated Solutions Modbus/TCP Master OPC server. Automated Solutions has confirmed that their most recent patch mitigates the vulnerability for Version 3.0.0. ICS-CERT has verified that the software update resolves the vulnerability identified by the researcher. --------- Begin Update A-------- The vulnerability could be exploited by creating a Modbus/TCP Slave application that generates non-compliant Modbus/TCP reply packets. Successful exploitation would likely not allow arbitrary code execution; however, an exploit could possibly corrupt the OPC server memory. --------- End Update A--------"
},
{
"icsa_id": "ICSA-10-337-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-337-01",
"icsa_release": "2011-01-02T00:00:00",
"icsa_update": "2013-10-28T00:00:00",
"icsa_description": "Advantech Studio Test Web Server Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Advantech",
"icsa_oneliner": " The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the test web server bundled with Advantech Studio Version 6.1. This web server is intended to be used for testing purposes and should not be used in a production environment. Advantech has verified the problem and has developed a patch to mitigate the vulnerability."
},
{
"icsa_id": "ICSA-10-348-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-348-01A",
"icsa_release": "2011-03-02T00:00:00",
"icsa_update": "2013-04-22T00:00:00",
"icsa_description": "Wonderware InBatch Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Invensys",
"icsa_oneliner": " An independent security researcher has published information to a vulnerability disclosure website regarding a buffer overflow vulnerability in the Wonderware InBatch and I/A Series Batch software products (all supported versions). According to the researcher’s report, the service listening on TCP Port 9001 is vulnerable to a buffer overflow that could cause denial of service (DOS) or the possible execution of arbitrary code. This vulnerability is remotely exploitable and exploit code is publicly available. --------- Begin Update A Part 1 of 2 ---------- Invensys has validated the researcher’s claim and has released a patch for this vulnerability. The patchcan be downloaded at Invensys Cyber Security Updates page.a ICS-CERT has validated the patch. ---------- End Update A Part 1 of 2 ---------- ICS-CERT is coordinating this vulnerability disclosure with Invensys and the CERT Coordination Center (CERT/CC)."
},
{
"icsa_id": "ICSA-10-362-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-10-362-01",
"icsa_release": "2010-12-28T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Ecava IntegraXor Directory Traversal",
"icsa_is_update": "1",
"icsa_vendor": "Ecava",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal, published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow data leakage. ICS-CERT is currently in contact with representatives of Ecava who have verified the vulnerability. Ecava has developed and released a patch to mitigate the vulnerability (igsetup-3.6.4000.1.msi or later) and has notified its customer base of the availability of the patch (http://www.integraxor.com/download/igsetup.msi). This patch has been verified by both the ICS-CERT and the independent security researcher."
},
{
"icsa_id": "ICSA-11-017-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-017-01",
"icsa_release": "2011-01-17T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "WellinTech Kingview 6.53 Remote Heap Overflow",
"icsa_is_update": "1",
"icsa_vendor": "WellinTech",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-11-011-01 WellinTech Kingview Buffer Overflow, published on the ICS-CERT Web site on January 11, 2011. Independent security researcher Dillon Beresford reported a heap overflow vulnerability in WellinTech KingView V6.53, which may allow a remote, unauthenticated attacker to execute arbitrary code. ICS-CERT has verified the vulnerability. WellinTech has developed and released a patch to mitigate this vulnerability, 6.53(2010-12-15). This patch has been validated by both ICS-CERT and the independent security researcher."
},
{
"icsa_id": "ICSA-11-017-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-017-02",
"icsa_release": "2011-01-17T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Sielco Sistemi WinLog Stack Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Sielco Sistemi",
"icsa_oneliner": " Independent researcher Luigi Auriemma reported a stack overflow vulnerability in Version 2.07.00 of the Sielco Sistemi WinLog Lite and Winlog Pro HMI software. Sielco Sistemi has developed an update (Version 2.07.01) to address this vulnerability. The researcher has verified that the update is effective in correcting this vulnerability."
},
{
"icsa_id": "ICSA-11-018-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-018-01",
"icsa_release": "2011-01-18T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "AGG SCADA Viewer OPC Buffer Overflow Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "AGG Software",
"icsa_oneliner": " The ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has developed a patch to address this vulnerability. The researcher has also verified that the patch resolves the issue."
},
{
"icsa_id": "ICSA-11-018-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-018-02",
"icsa_release": "2011-02-08T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "7-Technologies IGSS 8 ODBC Server Remote Heap Corruption",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT has received a report from independent security researcher Jeremy Brown that a remote heap corruption vulnerability exists in IGSS (Interactive Graphical SCADA System) Version 8 from 7-Technologies (7T). 7T has verified the vulnerability and has developed a patch."
},
{
"icsa_id": "ICSA-11-025-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-025-01",
"icsa_release": "2011-01-25T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "Federal Aviation Administration GPS Testing",
"icsa_is_update": "1",
"icsa_vendor": "Other",
"icsa_oneliner": " The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing this advisory as a follow up to yesterday’s alert to notify industrial control systems (ICS) owners and operators whose control systems employ GPS for timing reference or positioning data of possible intermittent GPS service during the testing."
},
{
"icsa_id": "ICSA-11-041-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-041-01A",
"icsa_release": "2011-02-11T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "McAfee Night Dragon Report (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Other",
"icsa_oneliner": " McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon,”a which describes advanced persistent threat activity designed to obtain sensitive data from targeted organizations in the global oil, energy, and petrochemical industries. According to the report, this activity began in 2009 or potentially as early as 2007."
},
{
"icsa_id": "ICSA-11-056-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-056-01A",
"icsa_release": "2011-06-14T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "Progea Movicon TCPUploadServer (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Progea",
"icsa_oneliner": " ICS-CERT has received a report from independent security researcher Jeremy Brown of a data leakage and denial-of-service vulnerability in Progea’s Movicon 11 human machine interface (HMI) product. Progea has verified the vulnerability and has developed a patch to address the issue. ICS-CERT has verified that the patch resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-069-01B",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-069-01B",
"icsa_release": "2011-06-07T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "Samsung Data Management Server (Update B)",
"icsa_is_update": "1",
"icsa_vendor": "Samsung",
"icsa_oneliner": " This updated website posting provides new information regarding Samsung’s process for acquiring the updated software to mitigate the reported vulnerability. José A. Guasch,a reported a SQL injection vulnerability in the Samsung Data Management Server (DMS). Samsung has released an update and ICS-CERT has verified that the software update corrects the vulnerability."
},
{
"icsa_id": "ICSA-11-074-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-074-01",
"icsa_release": "2011-03-15T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "WellinTech KingView 6.53 KVWebSvr ActiveX",
"icsa_is_update": "1",
"icsa_vendor": "WellinTech",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-11-066-01 - WellinTech KingView 6.53 ActiveX Vulnerability, published on the ICS-CERT Web page on March 7, 2011. An independent security researcher reported a stack-based buffer overflow vulnerability in an ActiveX control in WellinTech KingView V6.53. The researcher has publicly released exploit code for this vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code. WellinTech has released an update for the vulnerable file. ICS-CERT has confirmed the update resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-082-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-082-01",
"icsa_release": "2011-03-23T00:00:00",
"icsa_update": "2013-04-30T00:00:00",
"icsa_description": "Ecava IntegraXor SQL",
"icsa_is_update": "1",
"icsa_vendor": "Ecava",
"icsa_oneliner": " ICS-CERT has received a report from independent security researcher Dan Rosenberg with Virtual Security Research (VSR) of an unauthenticated Structured Query Language (SQL) vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation, and remote code execution against the backend host running the database service. ICS-CERT has coordinated with Ecava, which has verified the vulnerability and developed a patched release of IntegraXor (Build 4050) to address this vulnerability. Both ICS-CERT and the independent security researcher have validated the patch."
},
{
"icsa_id": "ICSA-11-084-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-084-01",
"icsa_release": "2011-03-26T00:00:00",
"icsa_update": "2014-01-02T00:00:00",
"icsa_description": "Solar Magnetic Storm Impact on Control Systems",
"icsa_is_update": "0",
"icsa_vendor": "Other",
"icsa_oneliner": " The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk to critical infrastructure.In a recent case, Earth-orbiting satellites detected the strongest magnetic storm in more than 4 years resulting from a solar flare and CME event.a Figure 1 illustrates the size of the CME shockwave edge in relation to the size of the sun at the point of the eruption. Figure 1. X2-solar flare and coronal mass ejection at the time of the eruption. At 0156 UT on February 15, 2011, Active Region 11158 unleashed an X2-class eruption.b X-flares are the largest type of X-ray flares, and this is the first such eruption of new Solar Cycle 24. The explosion that produced this flare also sent a solar tsunami rippling through the sun’s atmosphere and hurled a CME toward Earth. By the time the CME reached the Earth, the shockwave leading edge had expanded to approximately 40 million miles across. CME activity will continue to occur as this solar cycle progresses. The purpose of this Advisory is to inform the industrial control systems (ICS) community of the possible impacts of solar magnetic storms on critical infrastructure control systems. This Advisory provides a high-level overview of the potential problems and offers some general mitigation strategies for consideration by the ICS community."
},
{
"icsa_id": "ICSA-11-091-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-091-01A",
"icsa_release": "2011-04-05T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Siemens Tecnomatix FactoryLink Vulnerabilities (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " This ICS-CERT Advisory is a follow-up to ICS-ALERT-11-080-01. An independent researcher has identified six vulnerabilities in the Siemens Tecnomatix FactoryLink supervisory control and data acquisition (SCADA) product. The researcher has also publicly released exploit code. The researcher identified the following vulnerabilities types: Buffer overflow (2 vul)Absolute Path Traversal (3 vul)NULL Pointer Dereference (1 vul). Siemens has released a patch addressing the identified vulnerablities. ICS-CERT has not yet validated this patch."
},
{
"icsa_id": "ICSA-11-094-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-094-01",
"icsa_release": "2011-04-13T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Wonderware InBatch Client ActiveX Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Invensys",
"icsa_oneliner": " ICS-CERT has received a report from independent security researcher Jeremy Brown regarding a buffer overflow vulnerability in a Wonderware InBatch Client ActiveX control. According to the researcher’s report, the client ActiveX control is vulnerable to a buffer overflow that could cause denial of service (DoS) or the possible execution of arbitrary code in older versions. In order to successfully exploit this vulnerability, the attacker must direct the InBatch client user to a malicious host. This exploit requires the attacker to perform social engineering. Invensys has validated the researcher’s claim and has developed a patch to mitigate this vulnerability. ICS-CERT has verified that the provided security patch resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-094-02B",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-094-02B",
"icsa_release": "2014-01-07T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Advantech/Broadwin WebAccess RPC Vulnerability (Update B)",
"icsa_is_update": "1",
"icsa_vendor": "Advantech",
"icsa_oneliner": " This updated advisory is a follow-up to the updated advisory titled ICSA-11-094-02A Advantech/Broadwin WebAccess RPC Vulnerability that was published November 4, 2011, on the NCCIC/ICS-CERT Web site."
},
{
"icsa_id": "ICSA-11-096-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-096-01",
"icsa_release": "2011-04-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "GLEG Agora SCADA+ Exploit Pack",
"icsa_is_update": "1",
"icsa_vendor": "Other",
"icsa_oneliner": " On March 15, 2011, GLEG Ltd. announced the Agora SCADA+ Exploit Pack for Immunity’s CANVAS system. CANVAS is a penetration testing framework that is extensible using CANVAS Exploit Packs. On March 25, 2011, GLEG announced it would be adding exploits for the 35 vulnerabilities released by Luigi Auriemma on March 21, 2011. The ICS-CERT has not received any reports of this tool being used for an unauthorized compromise of an actual control system installation. ICS-CERT has prepared this advisory to provide an initial summary of the possible vulnerabilities contained in this exploit pack. Please note that at this time, the information contained in this report is not conclusive, nor is it comprehensive. This report represents a cursory and credible snapshot of the vulnerabilities that are likely contained in the pack, based on the analysis conducted by ICS-CERT."
},
{
"icsa_id": "ICSA-11-103-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-103-01A",
"icsa_release": "2011-08-15T00:00:00",
"icsa_update": "2014-03-13T00:00:00",
"icsa_description": "Honeywell ScanServer ActiveX Control (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Honeywell",
"icsa_oneliner": ""
},
{
"icsa_id": "ICSA-11-108-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-108-01",
"icsa_release": "2011-04-18T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "ICONICS GENESIS (32 & 64) Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "ICONICS",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-11-080-02 ICONICS GENESIS (32 & 64) Vulnerabilities, published on the ICS-CERT Web site on March 20, 2011. An independent security researcher has published 13 vulnerabilities with proof of concept (PoC) code for the ICONICS GENESIS32 and GENESIS64 human-machine interface (HMI)/supervisory control and data acquisition (SCADA) products. The 13 remotely exploitable vulnerabilities exploit the GenBroker.exe service on Port 38080/TCP. The researcher states that the vulnerabilities fall within two classifications: twelve involve integer overflows;a one involves memory corruption.b After the aforementioned vulnerabilities were disclosed, a second, security researcher, Joel Langill of SCADAhacker,c is coordinating with the ICS-CERT on another vulnerability in the ICONICS GENESIS products. Mr. Langill reported a vulnerability in the SafeNet Sentinel License Monitor httpd 7.3 service on Port 6002/TCP, which is used by the ICONICS GENESIS32 and GENESIS64 application suites. That vulnerability is based on a previously reported vulnerability in the SafeNet Sentinel License Monitor service.d An attacker could exploit this vulnerability to allow directory traversal on the host machine. ICONICS has validated the reported vulnerabilities and released a software update that addresses all identified vulnerabilities. ICS-CERT has verified that the update released by ICONICS fully addresses all reported vulnerabilities."
},
{
"icsa_id": "ICSA-11-110-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-110-01",
"icsa_release": "2011-04-20T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "RealFlex RealWin Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "RealFlex Technologies",
"icsa_oneliner": " This ICS-CERT Advisory is a follow-up to the ICS-CERT Alert titled, “ICS-ALERT-11-080-04—Multiple Vulnerabilities in RealFlex RealWin.” An independent researcher has published exploit code for seven vulnerabilities identified in RealFlex Technologies’ RealWin 2.1.10 Demo Supervisory Control and Data Acquisition (SCADA) product. Multiple functions listening on Port 910/TCP are susceptible to heap and stacked-based buffer overflow vulnerabilities. The heap and stack buffer overflows may allow an attacker to remotely execute arbitrary code. RealFlex has released a new version (Version 2.1.12) of their free demo software that mitigates these vulnerabilities. ICS-CERT has verified that these vulnerabilities do not affect the RealFlex RealWin commercial version and that Version 2.1.12 resolves the vulnerabilities in the demo version."
},
{
"icsa_id": "ICSA-11-119-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-119-01",
"icsa_release": "2011-04-29T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "7-Technologies IGSS ODBC Remote Stack Overflow",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " Security researcher James Burton of Insomnia Security has released details of a remote stack overflow vulnerability affecting 7-Technologies (7T) Interactive Graphical SCADA System (IGSS). This vulnerability exists in the IGSS Open Database Connectivity (ODBC) service running on Port 22202/TCP by default. ICS-CERT has confirmed that Insomnia Security and 7T coordinated this vulnerability prior to public release of this report. 7T has issued an update addressing this vulnerability. ICS-CERT has received confirmation that Insomnia Security has validated the effectiveness of 7T’s update in resolving the reported vulnerability."
},
{
"icsa_id": "ICSA-11-122-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-122-01",
"icsa_release": "2011-06-24T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "AzeoTech DAQFactory Networking Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "AzeoTech",
"icsa_oneliner": " ICS-CERT Advisory ICSA-11-122-01 was originally released to the US-CERT Portal on May 24, 2011. This web site release was delayed to allow users sufficient time to download and install the upgrade. ICS-CERT received a report from the nSense Vulnerability Coordination Team concerning several vulnerabilities in AzeoTech DAQFactory. ICS-CERT has worked with nSense and AzeoTech to validate the vulnerabilities and create a mitigation strategy, included below. Azeotech has created a new version (Version 5.85, Build 1842) to resolve these vulnerabilities. Users who do not require the networking capability can easily adjust the system settings in their existing versions to disable the vulnerable feature. The default settings for future releases (Versions 5.85 and newer) will be changed to mitigate the vulnerability. ICS-CERT has confirmed that both Version 5.85 and disabling the vulnerable feature in older versions successfully mitigates this vulnerability."
},
{
"icsa_id": "ICSA-11-126-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-126-01",
"icsa_release": "2011-05-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "7-Technologies IGSS Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-11-080-03 7-Technologies IGSS Vulnerabilities, published on the ICS-CERT Web site on March 20, 2011. An independent researcher has identified eight vulnerabilities in 7-Technologies (7T) IGSS SCADA human-machine interface (HMI) application. Each of the identified vulnerabilities includes proof-ofconcept (PoC) exploit code. The researcher identified the following vulnerability types: Stack-based buffer overflowsPath traversalString formattingLocal arbitrary code execution (dc.exe). Seven of these vulnerabilities occur in IGSSdataServer service on Port 12401/TCP. The eighth vulnerability is identified in the Data Collection application (dc.exe) on Port 12397/TCP. Both vulnerable services run as part of the IGSS application suite. The IGSS Data Server is responsible for data transmission between the IGSS server and the operator stations. All vulnerabilities are remotely exploitable and can allow denial of service, path traversal, and arbitrary code execution. After these original eight vulnerabilities were identified, Joel Langill of SCADAhackera discovered and coordinated with ICS-CERT a ninth vulnerability. This new vulnerability is directly leveraged off one of the original vulnerabilities, specifically local arbitrary code execution affecting the Data Collection application (dc.exe) on Port 12397/TCP. An attacker could exploit this additional vulnerability to conduct simultaneous directory traversal and arbitrary programs execution on the host machine. 7T has developed a patch that resolves the reported vulnerabilities. ICS-CERT has validated the patch."
},
{
"icsa_id": "ICSA-11-131-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-131-01",
"icsa_release": "2011-05-11T00:00:00",
"icsa_update": "2013-08-28T00:00:00",
"icsa_description": "ICONICS GENESIS32 and BizViz ActiveX Stack Overflow",
"icsa_is_update": "1",
"icsa_vendor": "ICONICS",
"icsa_oneliner": " Security researchers Scott Bell and Blair Strang of Security-Assessment.com have released a report detailing a stack overflow vulnerability affecting ICONICS GENESIS32 and BizViz products. The vulnerable ActiveX control, GenVersion.dll, is a component of WebHMI, which is incorporated in both GENESIS32 and BizViz products. Successful exploitation of this vulnerability allows remote arbitrary code execution. ICS-CERT has confirmed that ICONICS has issued a patch that addresses this vulnerability. ICONICS confirmed that Security-Assessment.com has validated that this patch fully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-132-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-132-01A",
"icsa_release": "2011-06-06T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "7-Technologies IGSS Denial of Service (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT has become aware of multiple denial-of-service (DoS) vulnerabilities in the 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) supervisory control and data acquisition (SCADA) human-machine interface (HMI) application. All vulnerabilities are remotely exploitable. 7T has developed patches that resolve the reported vulnerabilities in the affected versions."
},
{
"icsa_id": "ICSA-11-147-01B",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-147-01B",
"icsa_release": "2011-06-02T00:00:00",
"icsa_update": "2013-08-28T00:00:00",
"icsa_description": "Ecava IntegraXor DLL Hijacking (Update B)",
"icsa_is_update": "1",
"icsa_vendor": "Ecava",
"icsa_oneliner": " This advisory is a follow-up to ICS-ALERT-10-362-01—Ecava IntegraXor DLL Hijacking. ICS-CERT has become aware of a Uncontrolled Search Path Element vulnerability, commonly referred to as DLL Hijacking, in the Ecava IntegraXor supervisory control and data acquisition (SCADA) product. ICS-CERT has worked with Ecava to validate the vulnerability. Ecava has developed a patch release for IntegraXor to address this vulnerability. ICS-CERT has validated the patch."
},
{
"icsa_id": "ICSA-11-147-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-147-02",
"icsa_release": "2011-05-27T00:00:00",
"icsa_update": "2013-04-30T00:00:00",
"icsa_description": "Ecava IntegraXor XSS",
"icsa_is_update": "1",
"icsa_vendor": "Ecava",
"icsa_oneliner": " ICS-CERT received a report from an anonymous security reseacher concerning several cross site scripting (XSS) vulnerabilities in the Ecava IntegraXor SCADA product. ICS-CERT has worked with the reseacher and Ecava to validate these vulnerabilities. Ecava has developed a patch release of IntegraXor to address these vulnerabilities. The independent security reseacher has validated this patch."
},
{
"icsa_id": "ICSA-11-161-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-161-01",
"icsa_release": "2011-06-10T00:00:00",
"icsa_update": "2013-08-29T00:00:00",
"icsa_description": "Rockwell RSLinx EDS Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "Rockwell Automation",
"icsa_oneliner": " ICS-CERT has received a report from Michael Orlando of CERT Coordination Center (CERT/CC) identifying a vulnerability in Rockwell Automation Electronic Data Sheet (EDS) Hardware Installation Tool. This tool is bundled with RSLinx Classic for normal distribution. The install tool exhibits a buffer overflow vulnerability when parsing improperly formatted EDS files. This vulnerability is likely exploitable and could allow remote code execution, though that would require significant user interaction. Rockwell Automation has released a patch that has been verified by CERT/CC."
},
{
"icsa_id": "ICSA-11-167-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-167-01",
"icsa_release": "2011-06-16T00:00:00",
"icsa_update": "2019-01-02T00:00:00",
"icsa_description": "Sunway Force Control",
"icsa_is_update": "1",
"icsa_vendor": "Sunway",
"icsa_oneliner": " ICS-CERT has received a report from Security researcher Dillon Beresford of NSS Labs concerning vulnerabililities affecting Sunway ForceControl and pNetPower SCADA/HMI applications. The reported vulnerabilities are heap-based buffer overflows that could result in a denial of service or the execution of arbitrary code. ICS-CERT has coordinated with the researcher, China National Vulnerability Database (CNVD), and Sunway to ensure full remediation of the reported vulnerabilities. Sunway has issued two patches that address both vulnerabilities. CNVD has confirmed the effectiveness of the patches issued by Sunway. Neither ICS-CERT nor the researcher has validated these patches. Sunway has issued a security bulletin describing their response."
},
{
"icsa_id": "ICSA-11-168-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-168-01A",
"icsa_release": "2011-06-24T00:00:00",
"icsa_update": "2013-10-28T00:00:00",
"icsa_description": "InduSoft ISSymbol ActiveX Control Buffer Overflow (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "InduSoft",
"icsa_oneliner": " Security researcher Dmitriy Pletnevo of Secunia Research1 has released details of multiple overflow vulnerabilities affecting the InduSoft ISSymbol ActiveX control. The researcher identified both stack-based and heap-based buffer overflows. Successful exploitation of these vulnerabilities allows execution of arbitrary code."
},
{
"icsa_id": "ICSA-11-173-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-173-01",
"icsa_release": "2011-08-25T00:00:00",
"icsa_update": "2013-08-29T00:00:00",
"icsa_description": "ClearSCADA Remote Authentication Bypass",
"icsa_is_update": "1",
"icsa_vendor": "Schneider Electric",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-173-01P “ClearSCADA Remote Authentication Bypass”, on the US-CERT Portal on June 22, 2011. This web page release was delayed to allow users sufficient time to download and install this update. Independent security researcher Jeremy Brown has identified an authentication bypass vulnerability in the Control Microsystems ClearSCADA application. Control Microsystems has produced a new version that mitigates this vulnerability. ICS-CERT has tested the new version to validate that it is fixed."
},
{
"icsa_id": "ICSA-11-175-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-175-01",
"icsa_release": "2011-06-24T00:00:00",
"icsa_update": "2013-04-26T00:00:00",
"icsa_description": "Rockwell FactoryTalk Diag Viewer Memory Corruption",
"icsa_is_update": "1",
"icsa_vendor": "Rockwell Automation",
"icsa_oneliner": " Independent security researchers Billy Rios and Terry McCorkle have coordinated with ICS-CERT on a memory corruption vulnerability that affects Rockwell’s Automation FactoryTalk Diagnostics Viewer product.By using a specially crafted FactoryTalk Diagnostics Viewer configuration file, an attacker could possibly cause a memory corruption that allows the execution of arbitrary code. According to Rockwell Automation, this issue has been resolved in later versions of the FactoryTalk Diagnostics Viewer, starting with V2.30.00 (CPR9 SR3). ICS-CERT has not validated this update."
},
{
"icsa_id": "ICSA-11-175-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-175-02",
"icsa_release": "2011-07-01T00:00:00",
"icsa_update": "2013-08-12T00:00:00",
"icsa_description": "Siemens WinCC Exploitable Crashes",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning exploitable crashes in the Siemens SIMATIC WinCC SCADA product. Specially crafted files can cause memory corruption or pointer issues, which can cause the system to crash. ICS-CERT has coordinated with the researchers and Siemens to assist with releasing an update that successfully mitigates these vulnerabilities. The researchers have validated that this update successfully mitigates these vulnerabilities."
},
{
"icsa_id": "ICSA-11-182-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-182-01",
"icsa_release": "2011-07-01T00:00:00",
"icsa_update": "2018-09-05T00:00:00",
"icsa_description": "ICONICS GENESIS32 and BizViz ActiveX Trusted Zone Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "ICONICS",
"icsa_oneliner": " ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning ICONICS GENESIS32 and BizViz products. This vulnerability involves a design issue in a GENESIS32 ActiveX control that can set an arbitrary domain to the trusted zone. ICONICS has validated the researchers’ claims for multiple versions of GENESIS32 and BizViz. ICS-CERT has coordinated this vulnerability report with ICONICS and they have released a patch that addresses the vulnerability. The researchers have validated that the patch mitigates the reported vulnerabilities."
},
{
"icsa_id": "ICSA-11-182-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-182-02",
"icsa_release": "2011-07-01T00:00:00",
"icsa_update": "2013-08-28T00:00:00",
"icsa_description": "ICONICS Login ActiveX Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "ICONICS",
"icsa_oneliner": " ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning a vulnerability that affects ICONICS GENESIS32 and BizViz products. This vulnerability includes a crash in the Security Login controls used by GENESIS32 due to a buffer overflow. ICONICS has validated the researchers’ claims for the multiple versions of GENESIS32 and BizViz. ICS-CERT has coordinated these vulnerability reports with ICONICS and they have released a patch that addresses the vulnerability. The researchers have validated that the patches mitigate the reported vulnerability."
},
{
"icsa_id": "ICSA-11-189-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-189-01",
"icsa_release": "2011-07-08T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "7-Technologies IGSS Remote Memory Corruption",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies (7T) by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-195-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-195-01",
"icsa_release": "2011-07-26T00:00:00",
"icsa_update": "2013-05-01T00:00:00",
"icsa_description": "Wonderware Information Server",
"icsa_is_update": "1",
"icsa_vendor": "Invensys",
"icsa_oneliner": " ICS-CERT Advisory ICSA-11-195-01P was originally released to the US-CERT Portal on July 14, 2011. This web page release was delayed to allow users sufficient time to download and install the update.Independent security researchers Billy Rios and Terry McCorkle have identified a stack-based buffer overflow vulnerability that exists in two different ActiveX controls used by the Wonderware Information Server product. Successful exploitation of this vulnerability could allow remote code execution on a client running vulnerable versions of the software.ICS-CERT has coordinated with the researchers and Invensys. Invensys has issued a patch to address this vulnerability. The researchers have confirmed this patch fully resolves this reported vulnerability in both vulnerable ActiveX controls."
},
{
"icsa_id": "ICSA-11-216-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-216-01",
"icsa_release": "2011-09-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Scadatec Limited Procyon Telnet Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Scadatec Limited",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-216-01P on the US-CERT Portal on August 04, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from Knud Højgaard of the nSense Vulnerability Coordination Team concerning a vulnerability in the Scadatec Limited Procyon human-machine interface/supervisory control and data acquisition (HMI/SCADA) product. This vulnerability could allow an attacker to establish a connection to the Telnet daemon, bypassing proper authentication, and exploit a buffer overflow that could lead to a denial of service (DoS) or remote code execution. ICS-CERT has been working with nSense and Scadatec Limited to validate this vulnerability. Scadatec Limited has created a new version (V1.14) of the Procyon product that fully resolves this issue. nSense has confirmed that Procyon Version V1.14 successfully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-223-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-223-01A",
"icsa_release": "2011-08-22T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Siemens SIMATIC PLCs Reported Issues Summary (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " ICS-CERT has been coordinating multiple reports of issues affecting various models within the Siemens SIMATIC Step 7 (S7) programmable logic controller (PLC) product line. ICS-CERT has coordinated the issues with both Siemens and the researcher and continues to work with both entities. A portion of the reported issues involve commands being transmitted using the International Organization for Standardization Transport Service Access Point (ISO-TSAP) protocol. According to ICS-CERT analysis, the ISO-TSAP protocol is functioning to specifications; however, authentication is not performed nor are payloads encrypted or obfuscated. Like ISO-TSAP, many protocols used in industrial control systems (ICSs) were designed with interoperability in mind and were intentionally designed without security features to be as open as possible. As a result, improving ICS security may require extensive architectural changes, including the addition of built-in or layered-on techniques to enhance protocol security. Changes necessary to improve protocol security could negatively impact interoperability and performance. Some of the reported issues were coordinated and resolved with ICS-CERT and Siemens, while others were publicly released by the researcher without coordination. ICS-CERT’s Vulnerability Disclosure Policy encourages researchers to work directly with ICS-CERT and/or the affected vendor to disclose previously unknown vulnerabilities, so that patches and mitigations can be prepared and asset owners have adequate time to test and deploy them. Unless extenuating circumstances arise (e.g., active exploitation, threats of an especially serious nature, or danger to public health and safety), coordinated vulnerabilities are not publicly announced until patches/mitigations are available. The intent of this advisory is to provide a summary of the various alerts and notices as well as other public information available to date. 
Some ICS-CERT products related to these reports are only available on the US-CERT Portal. Asset owners and operators can request access to the US-CERT Portal by sending an e-mail message to [email protected]. Table 1 outlines the public ICS-CERT Alerts that are currently available on the ICS-CERT website. Additional ICS-CERT products are available on the US-CERT Portal. Table 1. ICS-CERT Siemens S7 Alert summary."
},
{
"icsa_id": "ICSA-11-231-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-231-01",
"icsa_release": "2011-08-19T00:00:00",
"icsa_update": "2013-04-22T00:00:00",
"icsa_description": "Inductive Automation Ignition Information Disclosure Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "Inductive Automation",
"icsa_oneliner": " ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI (Plant Management Interface), offered by Inductive Automation. This vulnerability allows unauthorized users to download files containing important information about the system and project. ICS-CERT has worked with Inductive Automation and Rubén Santamarta to confirm this vulnerability, and Inductive Automation has issued a patch to address it. ICS-CERT has validated that this patch fully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-243-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-243-01",
"icsa_release": "2011-11-01T00:00:00",
"icsa_update": "2013-04-20T00:00:00",
"icsa_description": "GE Intelligent Platforms Proficy Plant Applications Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "GE",
"icsa_oneliner": " ICS CERT originally released Advisory ICSA-11-243-01P on the US-CERT secure Portal on August 31, 2011. This web page release was delayed to allow users time to download and install the update. ICS-CERT has received a report from GE concerning a stack-based buffer overflow vulnerability in the GE Intelligent Platform Proficy Plant Applications software suite. ICS-CERT has coordinated with GE Intelligent Platforms to validate this vulnerability, and GE has created a patch to address the issue. ICS-CERT has validated that the patch fully resolves this issue."
},
{
"icsa_id": "ICSA-11-243-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-243-02",
"icsa_release": "2011-10-31T00:00:00",
"icsa_update": "2013-04-20T00:00:00",
"icsa_description": "GE Proficy Historian Web Administrator XSS",
"icsa_is_update": "1",
"icsa_vendor": "GE",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-243-02P on the US-CERT secure Portal on August 31, 2011. ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning multiple cross-site scripting (XSS) vulnerabilities in the GE Intelligent Platforms Proficy Historian Web Administrator software. ICS-CERT has coordinated this vulnerability with GE and the researchers, and GE has made recommendations to reduce the potential attack surface. The affected product, Historian Web Administrator with Proficy Historian, is considered by GE to be a legacy component; as a result, GE is not issuing a patch for this vulnerability."
},
{
"icsa_id": "ICSA-11-243-03A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-243-03A",
"icsa_release": "2011-11-28T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "GE",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-243-03P on the US-CERT secure Portal on August 31, 2011. This web page release was delayed to allow users time to download and install the update. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning a stack-based buffer overflow vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver."
},
{
"icsa_id": "ICSA-11-244-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-244-01",
"icsa_release": "2011-09-06T00:00:00",
"icsa_update": "2018-08-23T00:00:00",
"icsa_description": "Siemens WinCC Flexible Runtime Heap Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-244-01P on the US-CERT secure Portal on September 01, 2011. This web page release was delayed to allow users sufficient time to download and install the update. Independent security researchers Billy Rios and Terry McCorkle have reported a memory corruption vulnerability in the WinCC Runtime Advanced Loader, which is a component of both Siemens SIMATIC WinCC flexible and TIA Portal. ICS-CERT has coordinated with Siemens and the researchers. Siemens has not issued a patch to address this vulnerability. However, Siemens has provided recommended mitigations to assist asset owners with protecting their systems."
},
{
"icsa_id": "ICSA-11-263-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-263-01",
"icsa_release": "2011-09-20T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Measuresoft ScadaPro Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Measuresoft",
"icsa_oneliner": " This Advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-04 Measuresoft ScadaPro” that was published September 13, 2011, on the ICS-CERT website. ICS-CERT is aware of a public report of three vulnerabilities with proof-of-concept (PoC) exploit code affecting Measuresoft ScadaPro. According to the report, the vulnerabilities include a stack buffer overflow, an insecure method call, and a path traversal, which are all remotely exploitable through Port 11234/UDP. This report was released publicly without coordination with either the vendor or ICS-CERT. Attribution for the discovery of these vulnerabilities is not provided in this advisory because no prior coordination occurred with the vendor, ICS-CERT, or other coordinating body. ICS-CERT encourages researchers to coordinate vulnerability details before public release. The public release of vulnerability details prior to the development of proper mitigations may put industrial control systems (ICSs) and the public at avoidable risk. ICS-CERT has coordinated with Measuresoft, which has produced a fix that resolves these vulnerabilities. The fix has been tested to validate that it resolves the vulnerabilities."
},
{
"icsa_id": "ICSA-11-264-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-264-01",
"icsa_release": "2011-09-21T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "AzeoTech DAQFactory Stack Overflow",
"icsa_is_update": "1",
"icsa_vendor": "AzeoTech",
"icsa_oneliner": " This advisory is a follow-up to the alert titled “ICS-ALERT-11-256-02—AzeoTech DAQFactory Stack Overflow” that was published September 13, 2011, on the ICS-CERT web page. ICS-CERT is aware of a public report of one stack overflow vulnerability with proof-of-concept (POC) exploit code affecting AzeoTech DAQFactory, a SCADA/HMI Product. According to the report, the vulnerability is exploitable via a service running on Port 20034/UDP. The report was released without coordinating with either the vendor or ICS-CERT. ICS-CERT has coordinated with AzeoTech, which has produced an upgrade that resolves the vulnerability. ICS-CERT has not validated the upgrade. Attribution for the vulnerability discovery is not provided in this advisory because no prior coordination occurred with the vendor, ICS-CERT, or other coordinating body. ICS-CERT encourages researchers to coordinate vulnerability details before public release. The public release of vulnerability details prior to the development of proper mitigations may put industrial control systems (ICSs) and the public at avoidable risk."
},
{
"icsa_id": "ICSA-11-273-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-273-01",
"icsa_release": "2011-09-30T00:00:00",
"icsa_update": "2013-08-28T00:00:00",
"icsa_description": "ICONICS GENESIS32 Multiple Memory Corruption",
"icsa_is_update": "1",
"icsa_vendor": "ICONICS",
"icsa_oneliner": " Independent security researchers Billy Rios and Terry McCorkle have identified eight memory corruption vulnerabilities affecting the ICONICS GENESIS32 product. GENESIS32 is a web-deployable human-machine interface (HMI) supervisory control and data acquisition (SCADA) product. These vulnerabilities affect ScriptWorX32, GraphWorX32, and the AlarmWorX32 and TrendWorX32 containers that run as part of the GENESIS32 application. ICONICS has validated the reported vulnerabilities and has produced patches that address them. ICS-CERT has validated each of the patches and has confirmed that they resolve these vulnerabilities."
},
{
"icsa_id": "ICSA-11-273-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-273-02",
"icsa_release": "2011-09-30T00:00:00",
"icsa_update": "2013-10-28T00:00:00",
"icsa_description": "InduSoft ISSymbol ActiveX Control Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "InduSoft",
"icsa_oneliner": " ICS-CERT has received a report from independent security researcher Dmitriy Pletnev of Secunia Research about ActiveX control buffer overflow vulnerabilities with proof-of-concept exploit code affecting the InduSoft ISSymbol product. Secunia has coordinated with InduSoft, who has produced a patch that mitigates these vulnerabilities. ICS-CERT has not validated the patch."
},
{
"icsa_id": "ICSA-11-273-03A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-273-03A",
"icsa_release": "2011-10-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Rockwell RSLogix Overflow Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Rockwell Automation",
"icsa_oneliner": " This updated advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-05A—Rockwell RSLogix Overflow Vulnerability” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page. ICS-CERT is aware of a public report of an overflow vulnerability in Rockwell Automation’s RSLogix application that could lead to a denial-of-service condition."
},
{
"icsa_id": "ICSA-11-277-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-277-01",
"icsa_release": "2011-10-20T00:00:00",
"icsa_update": "2013-05-07T00:00:00",
"icsa_description": "Schneider Electric UnitelWay Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Schneider Electric",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-277-01P on the US-CERT secure Portal on October 04, 2011. This web page release was delayed to allow users sufficient time to download and install the update. Researcher Kuang-Chun Hung of Security Research and Service Institute—Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability in UnitelWay Windows Device Driver. This device driver is deployed as part of several different Schneider Electric products. ICS-CERT has coordinated this vulnerability report with Schneider Electric. The vendor has produced a fix that resolves this vulnerability. ICST has successfully tested and validated that this fix fully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-279-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-279-01",
"icsa_release": "2011-11-04T00:00:00",
"icsa_update": "2013-10-28T00:00:00",
"icsa_description": "Advantech OPC Server Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Advantech",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-279-01P on the US-CERT secure Portal on October 06, 2011. This web page release was delayed to allow users time to download and install the update. Security research and service institute Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability that affects multiple Advantech OPC (OLE for Process Control) Server products. This vulnerability may allow remote code execution and elevated user privileges. Advantech has produced a new software version that mitigates this vulnerability. ICST has tested the new version and confirmed that it fully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-279-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-279-02",
"icsa_release": "2011-11-07T00:00:00",
"icsa_update": "2014-03-12T00:00:00",
"icsa_description": "CitectSCADA and Mitsubishi MX4 SCADA Batch Server Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "Mitsubishi Electric Automation, Schneider Electric",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-279-02P on the US-CERT secure Portal on October 06, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center (ICST) has reported a buffer overflow affecting Mitsubishi MX4 Supervisory Control and Data Acquisition (SCADA). Upon further investigation, MX4 SCADA was found to be a version of CitectSCADA, a product offered by Schneider Electric. This Advisory includes a full list of known affected products. A buffer overflow vulnerability resides in a third-party component used by the CitectSCADA and MX4 SCADA Batch products. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. ICS-CERT has coordinated the researcher’s vulnerability report with Schneider Electric. Schneider Electric has issued a patch to address the reported vulnerability. The researcher has confirmed the patch is effective in addressing the vulnerability. Schneider Electric has provided the patch to Mitsubishi for distribution to MX4 SCADA customers."
},
{
"icsa_id": "ICSA-11-279-03A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-279-03A",
"icsa_release": "2011-10-12T00:00:00",
"icsa_update": "2013-05-08T00:00:00",
"icsa_description": "Unitronics UNIOPC Server Input Handling Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Unitronics",
"icsa_oneliner": " Independent security researchers Billy Rios and Terry McCorkle have identified a vulnerability in Unitronics’ UniOPC Server product. --------- Begin Update A Part 1 of 3 -------- This vulnerability is a result of improper handling of input by a third-party component, https50.ocx, which is part of “IP*Works! SSL.”1 --------- Begin End A Part 1 of 3 -------- IP*Works! is used in the UniOPC product. Successful exploitation of this vulnerability results in a crash and could result in the execution of arbitrary code. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has coordinated with Unitronics and the security researchers. Unitronics has released a new version that does not contain the vulnerable component. The researchers have confirmed that the vulnerable component is not present in the new version. However, customers installing the new version on a system that had previously contained an affected version of UniOPC are still vulnerable as the update does not remove the vulnerable component."
},
{
"icsa_id": "ICSA-11-279-04",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-279-04",
"icsa_release": "2011-10-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Beckhoff TwinCAT Read Access Violation",
"icsa_is_update": "1",
"icsa_vendor": "Beckhoff",
"icsa_oneliner": " This Advisory is a follow-up to the Alert, ICS-ALERT-11-256-06—BECKHOFF TWINCAT READ ACCESS VIOLATION, that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page. ICS-CERT is aware of a public report of a read access violation vulnerability in Beckhoff’s TwinCAT Software that could lead to a denial-of-service condition. Beckhoff has produced a patch to address this vulnerability in TwinCAT Software."
},
{
"icsa_id": "ICSA-11-280-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-280-01",
"icsa_release": "2011-10-07T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Cogent DataHub Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Cogent Real-Time Systems Inc",
"icsa_oneliner": " This Advisory is a follow-up to the Alert, “ICS-ALERT-11-256-03—COGENT DATAHUB VULNERABILITIES,” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page. ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include denial-of-service, information leakage, and remote code execution. Cogent has produced a patch that resolves these vulnerabilities in DataHub."
},
{
"icsa_id": "ICSA-11-285-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-285-01",
"icsa_release": "2011-10-12T00:00:00",
"icsa_update": "2013-04-30T00:00:00",
"icsa_description": "Honeywell TEMA Remote Installer ActiveX Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "Honeywell",
"icsa_oneliner": " Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received a report from independent security researchers Billy Rios and Terry McCorkle concerning a vulnerability affecting Honeywell Enterprise Buildings Integrator (EBI) software systems that have Temaline physical access control products installed. Temaline client products use the Tema Remote Installer to download and install required Tema components for client workstation access. Tema Remote Installer uses DownloadURL() ActiveX function configured to ignore file authentication. This misuse of an ActiveX function allows download and installation of any MSI file without checking source authenticity or user notification. ICS-CERT has coordinated this vulnerability report with Honeywell and the researchers. Honeywell has released two patches resolving this vulnerability. ICS-CERT has validated that these patches resolve the reported vulnerability."
},
{
"icsa_id": "ICSA-11-294-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-294-01",
"icsa_release": "2011-10-21T00:00:00",
"icsa_update": "2014-01-24T00:00:00",
"icsa_description": "Progea Movicon Power HMI Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Progea",
"icsa_oneliner": " This advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-01 – Progea Movicon PowerHMI Vulnerabilities” that was published September 13, 2011, on the ICS-CERT web page. Two buffer overflow and one memory corruption vulnerability were disclosed affecting the Progea Movicon’s PowerHMI product. ICS-CERT has coordinated these vulnerabilities with Progea and they have produced a hotfix that mitigates these vulnerabilities."
},
{
"icsa_id": "ICSA-11-298-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-298-01A",
"icsa_release": "2011-12-26T00:00:00",
"icsa_update": "2013-04-23T00:00:00",
"icsa_description": "Sielco Sistemi Winlog Buffer Overflow (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Sielco Sistemi",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-298-01P on the US-CERT secure portal on October 25, 2011. This web page release was delayed to allow users time to download and install the update. Independent researcher Paul Davis has identified a buffer overflow vulnerability in Sielco Sistemi Winlog application. Sielco Sistemi has produced a new release that mitigates this vulnerability. Mr. Davis has indicated to ICS-CERT that he has tested the new release and validated that it resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-307-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-307-01",
"icsa_release": "2011-11-27T00:00:00",
"icsa_update": "2013-05-07T00:00:00",
"icsa_description": "Schneider Electric Vijeo Historian Web Server Multiple Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Schneider Electric",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-307-01P on the US-CERT secure Portal on November 03, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Security Research and Service Institute--Information and Communication Security Technology Center (ICST) has identified four vulnerabilities in the Schneider Electric Vijeo Historian product line. These vulnerabilities include a denial of service (DoS), buffer overflow, a cross-site scripting (XSS), and a directory traversal. ICS-CERT has coordinated this report with Schneider Electric and ICST. Schneider has produced a fix that resolves these vulnerabilities. ICST has tested this fix and validated that it fully resolves these vulnerabilities."
},
{
"icsa_id": "ICSA-11-314-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-314-01",
"icsa_release": "2012-12-11T00:00:00",
"icsa_update": "2013-08-29T00:00:00",
"icsa_description": "Safenet Sentinel and 7-T Input Sanitization Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "SafeNet",
"icsa_oneliner": " ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input sanitization vulnerability in SafeNet Sentinel HASP Software Rights Management (HASP-SRM) license management application. ICS-CERT has coordinated the researcher’s vulnerability report with SafeNet, and SafeNet has produced an updated version that mitigates this vulnerability. Mr. Penagos has tested the updated version and validates that it resolves the vulnerability."
},
{
"icsa_id": "ICSA-11-319-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-319-01",
"icsa_release": "2011-11-14T00:00:00",
"icsa_update": "2014-03-12T00:00:00",
"icsa_description": "InduSoft Web Studio Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "InduSoft",
"icsa_oneliner": " ICS-CERT has become aware of a report from the Zero Day Initiative concerning two vulnerabilities in the InduSoft Web Studio software. This information was reported to Zero Day Initiative by independent security researcher Luigi Auriemma. These vulnerabilities exploit unauthenticated remote code execution within the CEServer Operation and the CEServer.exe directories. Zero Day Initiative has coordinated with InduSoft, who has produced a patch that mitigates these vulnerabilities."
},
{
"icsa_id": "ICSA-11-332-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-332-01A",
"icsa_release": "2012-01-01T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Wonderware InBatch ActiveX Vulnerabilities (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Invensys",
"icsa_oneliner": " ICS-CERT originally released advisory “ICSA-11-332-01P—Invensys Wonderware InBatch ActiveX Vulnerabilities” in the US-CERT secure portal on November 28, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Security Research and Service Institute-Information and Communication Security Technology Center (ICST) has identified three vulnerabilities in Invensys Wonderware InBatch. These vulnerabilities exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components. ICS-CERT has coordinated the report with the ICST and Invensys. Invensys has issued software updates that resolve these vulnerabilities. The ICST has confirmed the software updates fully resolve the reported vulnerabilities."
},
{
"icsa_id": "ICSA-11-335-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-335-01",
"icsa_release": "2011-12-19T00:00:00",
"icsa_update": "2013-08-12T00:00:00",
"icsa_description": "7-Technologies Data Server Denial of Service",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT originally released advisory “ICSA-11-335-01P - 7-Technologies Data Server Denial of Service” in the US-CERT secure portal on December 01, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher UCQ from the Cyber Defense Institute, Inc. has identified a buffer overflow vulnerability in the 7-Technologies (7T) IGSS Data Server application. ICS-CERT has coordinated with 7T, which has produced a patch to resolve this vulnerability. The Cyber Defense Institute, Inc. has tested the patch and confirmed that it resolves the reported vulnerability."
},
{
"icsa_id": "ICSA-11-340-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-340-01",
"icsa_release": "2011-12-06T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "ARC Informatique PcVue HMI/SCADA ActiveX Vulnerabilities",
"icsa_is_update": "0",
"icsa_vendor": "ARC Informatique",
"icsa_oneliner": " This Advisory is a follow-up to the Alert, “ICS-ALERT-11-271-01 - ARC Informatique PcVue HMI/SCADA ActiveX Vulnerabilities.”ICS-CERT is aware of publicly and privately disclosed reports of four vulnerabilities in ARC Informatique’s PcVue application. These vulnerabilities include: potential to write memorypossible file corruptionremote code executiondenial of service. Independent researcher Kuang-Chun Hung of Security Research and Service Institute Information and Communication Security Technology Center (ICST) privately identified a buffer overflow vulnerability in ARC Informatique’s PcVue application.Independent researcher Luigi Auriemma publicly disclosed four vulnerabilities along with proof-of-concept (PoC) exploit code, including the vulnerability privately disclosed by ICST, without coordination with ARC Informatique, ICS-CERT, or any other coordinating entity known to ICS-CERT.ARC Informatique has confirmed these vulnerabilities and has released a patch to address the issue. Researcher Kuang-Chun Hung has tested the patch and validated that it resolves these vulnerabilities."
},
{
"icsa_id": "ICSA-11-343-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-343-01",
"icsa_release": "2012-01-03T00:00:00",
"icsa_update": "2013-05-08T00:00:00",
"icsa_description": "Siemens FactoryLink Multiple ActiveX Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-343-01P on the US-CERT secure portal on December 09, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center (ICST) has identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application. The report included buffer overflow and data corruption vulnerabilities.1 ICS-CERT has coordinated with Siemens; Siemens has released a patch that addresses the identified vulnerabilities. ICS-CERT has confirmed that the Siemens patch resolves the reported vulnerabilities."
},
{
"icsa_id": "ICSA-11-353-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-353-01",
"icsa_release": "2012-01-15T00:00:00",
"icsa_update": "2013-04-18T00:00:00",
"icsa_description": "7-Technologies Interactive Graphical SCADA",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-11-353-01P on the US-CERT secure portal on December 19, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Security Research and Service Institute--Information and Communication Security Technology Center (ICST) has identified an unsafe search path vulnerability in the 7-Technologies (7T) IGSS Interactive Graphical SCADA System. 7T produced a patch that fixes this vulnerability. ICST tested this patch and verified that it fully resolves this vulnerability."
},
{
"icsa_id": "ICSA-11-355-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-355-01",
"icsa_release": "2011-12-20T00:00:00",
"icsa_update": "2013-04-30T00:00:00",
"icsa_description": "7-Technologies IGSS Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " Security researcher Celil Unuver (SignalSEC LLC1) has identified a buffer overflow vulnerability in the 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) product. Successful exploitation of this vulnerability could result in a denial of service (DoS) or the execution of arbitrary code. ICS-CERT has coordinated this vulnerability report with 7T and they have produced a patch that resolves this vulnerability. The researcher has confirmed that the patch fully resolves the reported vulnerability."
},
{
"icsa_id": "ICSA-11-355-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-355-02",
"icsa_release": "2011-12-10T00:00:00",
"icsa_update": "2013-04-26T00:00:00",
"icsa_description": "WellinTech KingView History Server Buffer Overflow",
"icsa_is_update": "1",
"icsa_vendor": "WellinTech",
"icsa_oneliner": " ICS-CERT has received a report from the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma. WellinTech has produced a patch that is available for download from its website."
},
{
"icsa_id": "ICSA-11-356-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-356-01",
"icsa_release": "2011-12-22T00:00:00",
"icsa_update": "2013-04-22T00:00:00",
"icsa_description": "Siemens Simatic HMI Authentication Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " ICS-CERT is aware of a public report by independent security researchers Billy Rios and Terry McCorkle concerning authentication bypass vulnerabilities affecting Siemens SIMATIC HMI products which are supervisory control and data acquisition/human-machine interface (SCADA/HMI) products. According to this report, systems running affected versions of this product are accessible using a default username and password. These systems also generate an insecure authentication token for browser sessions. Prior to public disclosure, the researchers notified ICS-CERT of the vulnerabilities. ICS-CERT is continuing to coordinate mitigations with the researchers and Siemens. Siemens was previously aware of these vulnerabilities and intends to address them in Service Packs to be released in January 2012. Please see mitigation section of this document for additional information regarding the release of the Service Packs. Siemens has also updated its product documentation with instructions for configuring a strong password and removing default passwords during initial setup."
},
{
"icsa_id": "ICSA-11-361-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-361-01",
"icsa_release": "2011-12-27T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Siemens Automation License Manager Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page. ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in Siemens Automation License Manager (ALM) application. These vulnerabilities include: Buffer overflowExceptionNull pointerImproper input validation. Independent researcher Luigi Auriemma publicly disclosed four vulnerabilities along with proof-of-concept (PoC) exploit code without coordination from Siemens, ICS-CERT, or any other coordinating entity known to ICS-CERT. Siemens has confirmed these vulnerabilities and has released a patch to address the issue. ICS-CERT has not validated the patch."
},
{
"icsa_id": "ICSA-11-362-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-11-362-01",
"icsa_release": "2011-12-28T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "ScadaTEC ScadaPhone & Modbus TagServer Buffer Overflow Vulnerability",
"icsa_is_update": "1",
"icsa_vendor": "ScadaTEC",
"icsa_oneliner": " This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-255-01—ScadaTEC ScadaPhone/ModbusTagServer Buffer Overflow, which was published September 12, 2011, on the ICS-CERT Web page. On September 12, 2011, independent security researcher Steven Seeley publicly released a report that included proof-of-concept exploit code targeting a buffer overflow vulnerability in the ScadaTEC ScadaPhone and ModbusTagServer products. Currently, the exploit code allows an attacker to bind a shell for remote access. According to the report, exploitation of this vulnerability requires a specially crafted ZIP file to be opened using the affected application. ScadaTEC has produced a patch that resolves this vulnerability for all affected products and versions. ICS-CERT has validated that these patches fully resolve the vulnerability."
},
{
"icsa_id": "ICSA-12-006-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-006-01",
"icsa_release": "2012-01-05T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "3S CoDeSys Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "3S-Smart Software Solutions",
"icsa_oneliner": " This advisory is a follow-up to the alert update, ICS-ALERT-11-336-01A 3S CoDeSys Vulnerabilities, which was released on the ICS-CERT Web page on December 02, 2011. Security researcher Celil Unuver (SignalSec LLC) and independent researcher Luigi Auriemma have identified vulnerabilities in the 3S Smart Software Solutions CoDeSys product, summarized in the following table. Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept (PoC) exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity known to ICS-CERT. ICS-CERT has coordinated these vulnerabilities with 3S Smart Software Solutions, and they have produced new versions for both CoDeSys V3 and V2.3 that mitigate these vulnerabilities. Mr. Auriemma has confirmed that the new versions fully resolve the reported vulnerabilities."
},
{
"icsa_id": "ICSA-12-012-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-012-01A",
"icsa_release": "2012-01-25T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Open Automation Software OPC Systems.NET Vulnerability (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "Open Automation Software",
"icsa_oneliner": " This Advisory is a follow-up to “ICS-ALERT-11-285-01—Open Automation Software OPC Systems.NET Vulnerability” that was posted on the ICS-CERT website on October 12, 2011.Independent researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept (PoC) exploit code. This public report was released without coordination with Open Automation Software, ICS-CERT, or any other coordinating entity known to ICS-CERT.ICS-CERT has coordinated this vulnerability with Open Automation Software, and they have produced an update that resolves this vulnerability. Luigi Auriemma has tested the update and has confirmed that it resolves the vulnerability."
},
{
"icsa_id": "ICSA-12-013-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-013-01",
"icsa_release": "2012-02-06T00:00:00",
"icsa_update": "2014-06-02T00:00:00",
"icsa_description": "ING. Punzenberger COPA-DATA GMBH DoS Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "COPA-DATA",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-12-013-01P on the US-CERT secure portal on January 13, 2012. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Security Research and Service Institute--Information and Communication Security Technology Center (ICST) has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system. ICS-CERT has coordinated with Ing. Punzenberger COPA-DATA GmbH, which has produced an updated software release that resolves these vulnerabilities. ICST has tested the new release and verified that it fully resolves these vulnerabilities."
},
{
"icsa_id": "ICSA-12-016-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-016-01",
"icsa_release": "2012-01-15T00:00:00",
"icsa_update": "2013-04-17T00:00:00",
"icsa_description": "Cogent DataHub XSS and CRLF",
"icsa_is_update": "1",
"icsa_vendor": "Cogent Real-Time Systems Inc",
"icsa_oneliner": " ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems Inc. has produced a patch that resolves these vulnerabilities. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported these vulnerabilities to JPCERT/CC."
},
{
"icsa_id": "ICSA-12-018-01B",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-018-01B",
"icsa_release": "2013-09-23T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (Update B)",
"icsa_is_update": "1",
"icsa_vendor": "Schneider Electric",
"icsa_oneliner": " --------- Begin Update B Part 1 of 3 -------- This updated advisory is a follow-up to the updated advisory titled ICSA-12-018-01A Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on June 04, 2013, on the ICS-CERT Web site. It is also a follow-up to the original alert titled ICS-ALERT-11-346-01 Schneider Electric Quantum Ethernet Module Credentials that was published December 12, 2011, on the ICS-CERT Web page. This advisory corrects and expands on the details in the specified alert and subsequent advisory updates."
},
{
"icsa_id": "ICSA-12-018-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-018-02",
"icsa_release": "2012-01-17T00:00:00",
"icsa_update": "2018-08-22T00:00:00",
"icsa_description": "Certec Atvise Server Remote DOS",
"icsa_is_update": "1",
"icsa_vendor": "Certec EDV GmbH",
"icsa_oneliner": " Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability."
},
{
"icsa_id": "ICSA-12-024-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-024-01",
"icsa_release": "2012-01-24T00:00:00",
"icsa_update": "2013-04-23T00:00:00",
"icsa_description": "Ocean Data Systems Dream Reports XSS and Write Access Violation Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "Ocean Data",
"icsa_oneliner": " Independent researchers Billy Rios and Terry McCorkle identified cross-site scripting (XSS) and write access violation vulnerabilities in Ocean Data Systems Dream Report application.ICS-CERT has coordinated these vulnerabilities with Ocean Data Systems, which has produced a new version that resolves the reported vulnerabilities. The researchers have tested the new version to confirm that it resolves the vulnerability."
},
{
"icsa_id": "ICSA-12-024-02",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-024-02",
"icsa_release": "2012-01-23T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "MICROSYS PROMOTIC Vulnerabilities",
"icsa_is_update": "1",
"icsa_vendor": "MICROSYS",
"icsa_oneliner": null
},
{
"icsa_id": "ICSA-12-025-02A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-025-02A",
"icsa_release": "2012-02-19T00:00:00",
"icsa_update": "2013-05-08T00:00:00",
"icsa_description": "7-Technologies Termis DLL Hijacking (Update A)",
"icsa_is_update": "1",
"icsa_vendor": "7-Technologies",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-12-025-02P on the US-CERT secure portal on January 25, 2012. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the Security Research and Service Institute-Information and Communication Security Technology Center (ICST) identified an uncontrolled search path element vulnerability (often called DLL hijacking), commonly referred to as DLL Hijacking, in the 7-Technologies (7T) TERMIS software. ICS-CERT has coordinated this report with 7T, and 7T has created a patch that resolves this vulnerability. ICST has confirmed this patch fully resolves the reported vulnerability."
},
{
"icsa_id": "ICSA-12-030-01A",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-030-01A",
"icsa_release": "2012-04-18T00:00:00",
"icsa_update": "2018-09-06T00:00:00",
"icsa_description": "Siemens SIMATIC WinCC Vulnerabilities (UPDATE A)",
"icsa_is_update": "1",
"icsa_vendor": "Siemens",
"icsa_oneliner": " This advisory is a follow-up to a previous advisory titled “ICSA-11-356-01 – Siemens HMI Authentication Vulnerabilities” that was published December 22, 2011, and an alert titled \"ICS-ALERT-11-332-02A – Siemens SIMATIC WinCC Flexible Vulnerabilities\" that was published December 2, 2011. ICS-CERT has received reports from independent security researchers Billy Rios, Terry McCorkle, Shawn Merdinger, and Luigi Auriemma detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface (HMI) application. ICS-CERT has coordinated with these researchers and Siemens to validate these vulnerabilities and include mitigation strategies in the latest Siemens service packs.a"
},
{
"icsa_id": "ICSA-12-032-01",
"icsa_url": "https://www.us-cert.gov/ics/advisories/ICSA-12-032-01",
"icsa_release": "2012-03-13T00:00:00",
"icsa_update": "2013-04-30T00:00:00",
"icsa_description": "GE Proficy Historian ihDataArchiver",
"icsa_is_update": "1",
"icsa_vendor": "GE",
"icsa_oneliner": " ICS-CERT originally released Advisory ICSA-12-032-01P on the US-CERT secure portal on March 02, 2012. This web page release was delayed to allow users time to download and install the update. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative (ZDI) concerning a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver. If exploited, this vulnerability could allow an attacker to cause the Historian Data Archiver service to crash, which may lead to arbitrary code execution. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma. GE Intelligent Platforms has created a patch to address the issue."