Essential NERC CIP Security Awareness Bulletin 2016 Copyright, Encari, a division of PowerSecure, Inc This Security Awareness Bulletin is provided as a complimentary service by Encari to aid entities.
NERC CIP Security Awareness Bulletin
Table of Contents
Threats, Vulnerabilities and Incidents
Cisco Security Advisory (cisco-sa-20160330-fp): Cisco Firepower Malware Block Bypass Vulnerability
US-CERT Alert (TA16-091A): Ransomware and Recent Variants
ICS-CERT Alert (IR-ALERT-H-16-056-01): Cyber-Attack Against Ukrainian Critical Infrastructure
ICS-CERT Advisory (ICSA-16-084-01): Cogent DataHub Elevation of Privilege Vulnerability
ICS-CERT Advisory (ICSA-16-082-01): Siemens APOGEE Insight Incorrect File Permissions Vulnerability
ICS-CERT Advisory (ICSA-16-077-01A): ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)
ICS-CERT Advisory (ICSA-16-075-01): Siemens SIMATIC S7-1200 CPU Protection Mechanism Failure
ICS-CERT Advisory (ICSA-16-070-01): Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability
ICS-CERT Advisory (ICSA-16-063-01): Moxa ioLogik E2200 Series Weak Authentication Practices
ICS-CERT Advisory (ICSA-16-061-01): Schneider Electric Building Operation Automation Server Vulnerability
ICS-CERT Advisory (ICSA-16-061-02): Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability
ICS-CERT Advisory (ICSA-16-049-01): B+B SmartWorx VESP211 Authentication Bypass Vulnerability
ICS-CERT Advisory (ICSA-16-049-02): AMX Multiple Products Credential Management Vulnerabilities
ICS-CERT Advisory (ICSA-16-040-01): Tollgrade SmartGrid Sensor Management System Software Vulnerabilities
ICS-CERT Advisory (ICSA-16-040-02): Siemens SIMATIC S7-1500 CPU Vulnerabilities
ICS-CERT Advisory (ICSA-16-033-01): Sauter moduWeb Vision Vulnerabilities
ICS-CERT Advisory (ICSA-16-033-02): GE SNMP/Web Interface Vulnerabilities
ICS-CERT Advisory (ICSA-16-028-01): Westermo Industrial Switch Hard-coded Certificate Vulnerability
ICS-CERT Advisory (ICSA-16-026-01): MICROSYS PROMOTIC Memory Corruption Vulnerability
ICS-CERT Advisory (ICSA-16-021-01): CAREL PlantVisor Enhanced Authentication Bypass Vulnerability
ICS-CERT Advisory (ICSA-15-337-02): Hospira Multiple Products Buffer Overflow Vulnerability
ICS-CERT Advisory (ICSA-16-019-01): Siemens OZW672 and OZW772 XSS Vulnerability
ICS-CERT Advisory (ICSA-16-014-01): Advantech WebAccess Vulnerabilities
ICS-CERT Advisory (ICSA-15-356-01): Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
ICS-CERT Advisory (ICSA-15-351-01): Schneider Electric Modicon M340 Buffer Overflow Vulnerability
ICS-CERT Advisory (ICSA-15-351-02): Motorola MOSCAD SCADA IP Gateway Vulnerabilities
ICS-CERT Advisory (ICSA-15-351-03): eWON Vulnerabilities
ICS-CERT Advisory (ICSA-15-349-01): Adcon Telemetry A840 Vulnerabilities
ICS-CERT Advisory (ICSA-15-344-01B): Advantech EKI Vulnerabilities (Update B)
Vulnerability Note (VU# 732760): Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Vulnerability Note (VU# 319816): npm fails to restrict the actions of malicious npm package
Vulnerability Note (VU# 27947): Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Vulnerability Note (VU# 897144): Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow
Vulnerability Note (VU# 713312): DTE Energy Insight app vulnerable to information exposure
Vulnerability Note (VU# 270232): Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
Vulnerability Note (VU# 583776): Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack
Vulnerability Note (VU# 938151): Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Vulnerability Note (VU# 419128): IKE/IKEv2 protocol implementations may allow network amplification attacks
Vulnerability Note (VU# 444472): QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Vulnerability Note (VU# 981271): Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol
Vulnerability Note (VU# 485744): Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability
Vulnerability Note (VU# 899080): Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials
Vulnerability Note (VU# 923388): Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password
Vulnerability Note (VU# 457759): glibc vulnerable to stack buffer overflow in DNS resolver
Vulnerability Note (VU# 507216): Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Vulnerability Note (VU# 327976): Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability
Vulnerability Note (VU# 305096): Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Vulnerability Note (VU# 777024): Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Vulnerability Note (VU#544527): OpenELEC and RasPlex have a hard-coded SSH root password
Vulnerability Note (VU# 972224): Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries
Vulnerability Note (VU# 257823): OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol
Vulnerability Note (VU# 992624): Harman AMX multimedia devices contain hard-coded credentials
Vulnerability Note (VU# 916896): Oracle Outside In 8.5.2 contains multiple stack buffer overflows
Vulnerability Note (VU# 772447): ffmpeg and Libav cross-domain information disclosure vulnerability
Vulnerability Note (VU# 456088): OpenSSH Client contains a client information leak vulnerability and buffer overflow
Vulnerability Note (VU# 753264): IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
Vulnerability Note (VU# 820196): Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
Security Publications, Tips, Tools and Solutions
NISTIR 8055: Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8054: NSTIC Pilots: Catalyzing the Identity Ecosystem
NISTIR 7511 Rev 4: Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NIST Special Publication 800-38G: Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
NIST Special Publication 800-125B: Secure Virtual Network Configuration for Virtual Machine (VM) Protection
NIST Special Publication 800-73-4: Interfaces for Personal Identity Verification
NIST Special Publication 800-57 Part 1 Rev 4: Recommendation for Key Management, Part 1: General
ICS-CERT Releases CSET 7.1
ICS-CERT Fact Sheets
NERC Compliance Tools and Resources
Final Lesson Learned Posted
CIP V5 Evidence Request Spreadsheets Available
Highlight on CIP V5 Program Resources
FERC Orders
Order No 822: Revised Critical Infrastructure Protection Reliability Standards
RM15-14-000: Letter Order Granting Extension of Time for Revised CIP V5 Reliability Standards
NERC Filings with FERC
RM15-14-000: Comments of NERC in Response to Trade Associations' Motion in the Revised CIP Standards Proceeding
Pending Legislation
H.R.4350 - To repeal the Cybersecurity Act of 2015
S.2665 - State and Local Cyber Protection Act of 2016
H.R.4743 - National Cybersecurity Preparedness Consortium Act of 2016
H.R.4860 - United States - Israel Cybersecurity Cooperation Act
Upcoming Events
FRCC Spring Compliance Workshop
Texas RE Spring 2016 Standards & Compliance Workshop
ICSJWG 2016 Spring Meeting
Industrial Control Systems Cybersecurity (301) Training
FRCC 2016 CIP Compliance Workshop
SPP RE CIP Workshop
MRO Reliability Conference Protection Systems
FERC Reliability Technical Conference
NERC 2016 Standards & Compliance Workshop
Texas RE Compliance 101 Workshop
MRO Security Conference
SERC CIP Compliance Seminar
RF Fall Workshop
TRE Fall Standards & Compliance Workshop
NERC GridSecCon 2016
SERC Fall Compliance Seminar
WECC CUG & CIPUG
FRCC Compliance Fall Workshop
NPCC Compliance Workshop
MRO CMEP Conference
Looking for a Helpful Resource?
Encari's Website
NERC CIP Compliance LinkedIn Group
Encari's Email Distribution List
NERC CIP Version 5 Indices
Quarterly Security Awareness Resources
NERC CIP Compliance Webinars
ICS-CERT Critical Infrastructure Feed Recently Published
SCADA Security Survival Guide
ECT.COOP
Contribute Control Systems Security Articles to Future ICSJWG Quarterly Newsletters
RSS
Threats, Vulnerabilities and Incidents
Cisco Security Advisory (cisco-sa-20160330-fp): Cisco Firepower Malware Block Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. For additional details and mitigation, click here.
US-CERT Alert (TA16-091A): Ransomware and Recent Variants
In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it.
The United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), is releasing this Alert to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware. For additional details and mitigation,
ICS-CERT Alert (IR-ALERT-H-16-056-01): Cyber-Attack Against Ukrainian Critical Infrastructure
An interagency team comprised of representatives from the National Cybersecurity and Communications Integration Center (NCCIC)/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. Computer Emergency Readiness Team (US-CERT), Department of Energy, Federal Bureau of Investigation, and the North American Electric Reliability Corporation traveled to Ukraine to collaborate and gain more insight. The Ukrainian government worked closely and openly with the U.S. team and shared information to help prevent future cyber-attacks.
This report provides an account of the events that took place based on interviews with company personnel. This report is being shared for situational awareness and network defense purposes. ICS-CERT strongly encourages organizations across all sectors to review and employ the mitigation strategies listed below.
Additional information on this incident, including technical indicators, can be found in the TLP GREEN alert (IR-ALERT-H-16-043-01P and subsequent updates) that was released to the US-CERT secure portal. US critical infrastructure asset owners and operators can request access to this information by emailing ics-cert@hq.dhs.gov. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-084-01): Cogent DataHub Elevation of Privilege Vulnerability
Steven Seeley of Source Incite has identified a privilege elevation vulnerability in the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. Cogent has produced a new version to mitigate this vulnerability. Steven Seeley has tested the new version to validate that it resolves the vulnerability. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-082-01): Siemens APOGEE Insight Incorrect File Permissions Vulnerability
Siemens has identified an incorrect file permissions vulnerability in APOGEE Insight. Network & Information Security Ltd. Company and HuNan Quality Inspection Institute reported this issue directly to Siemens. Siemens has provided workaround instructions to mitigate this vulnerability. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-077-01A): ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)
This updated advisory is a follow-up to the original advisory titled "ICSA-16-077-01 ABB Panel Builder 800 DLL Hijacking Vulnerability" that was published March 17, 2016, on the NCCIC/ICS-CERT web site.
Ivan Sanchez from Nullcode Team has identified a DLL Hijacking vulnerability in the ABB Panel Builder 800 Version 5.1 application.
Panel Builder Version 6.0 is not affected by this vulnerability.
For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-075-01): Siemens SIMATIC S7-1200 CPU Protection Mechanism Failure
Siemens has identified a protection mechanism failure vulnerability in old firmware versions of SIMATIC S7-1200. Maik Brüggemann and Ralf Spenneberg from Open Source Training reported this issue directly to Siemens. Siemens provides SIMATIC S7-1200 CPU product, release V4.0 or newer, to mitigate this vulnerability and recommends keeping the firmware up to date. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-070-01): Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability
David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric's Telvent SAGE and remote terminal units (RTUs). Schneider Electric has already released a revision that eliminates this vulnerability. This advisory serves as a notification of a new vulnerability in the previous software version. The researchers have tested the revision to validate that it resolves the reported vulnerability. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-063-01): Moxa ioLogik E2200 Series Weak Authentication Practices
This advisory is a follow-up to the alert titled "ICS-ALERT-15-224-04 Moxa ioLogik E2210 Vulnerabilities" that was published August 12, 2015, on the NCCIC/ICS-CERT web site.
Independent researcher Aditya Sood reported weak authentication vulnerabilities in Moxa ioLogik E2200 Ethernet Micro RTU controllers. Moxa has produced a network security enhancement to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-061-01): Schneider Electric Building Operation Automation Server Vulnerability
Independent researcher Karn Ganeshen has identified a vulnerability in servers programmed with Schneider Electric's StruxureWare Building Operation software. Schneider Electric has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-061-02): Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability
This advisory is a follow-up to the alert titled "ICS-ALERT-15-225-01A Rockwell Automation 1766-L32 Series Vulnerability" that was published August 13, 2015, on the NCCIC/ICS-CERT web site.
Independent researcher Aditya Sood has identified a cross-site scripting vulnerability in Rockwell Automation's CompactLogix controller. This vulnerability has been publicly disclosed. Rockwell Automation has produced a new firmware version to mitigate this vulnerability. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-049-01): B+B SmartWorx VESP211 Authentication Bypass Vulnerability
Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in B+B SmartWorx's VESP211 serial servers. B+B SmartWorx has produced an implementation plan to mitigate this vulnerability. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-049-02): AMX Multiple Products Credential Management Vulnerabilities
NCCIC/ICS-CERT has become aware of public reporting of credential management vulnerabilities in multiple Harman AMX multimedia devices. AMX has confirmed the existence of hard-coded passwords in multiple products. AMX has produced patches and new product versions to mitigate one of the vulnerabilities in the affected products. AMX is working to release new product versions to mitigate the remaining credential management vulnerability in their affected products. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly available. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-040-01): Tollgrade SmartGrid Sensor Management System Software Vulnerabilities
Independent researcher Maxim Rupp has identified vulnerabilities in Tollgrade Communications, Inc.'s SmartGrid LightHouse Sensor Management System (SMS) Software EMS. Tollgrade Communications, Inc. has produced an update to mitigate these vulnerabilities. Maxim Rupp has tested the update to validate that it resolves the vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-040-02): Siemens SIMATIC S7-1500 CPU Vulnerabilities
Siemens has identified two vulnerabilities in the Siemens SIMATIC S7-1500 CPU family. Siemens has produced a firmware update to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-033-01): Sauter moduWeb Vision Vulnerabilities
Martin Jartelius and John Stock of Outpost have identified three vulnerabilities in Sauter's moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-033-02): GE SNMP/Web Interface Vulnerabilities
Independent researcher Karn Ganeshen has identified two vulnerabilities in the GE SNMP/Web Interface adapter. GE has produced a new firmware version to mitigate the identified vulnerabilities in later model devices. Earlier model SNMP/Web Interface adapters may need to be upgraded to accommodate the new firmware version to address the identified vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-028-01): Westermo Industrial Switch Hard-coded Certificate Vulnerability
Independent researcher Neil Smith has identified a hard-coded certificate vulnerability in Westermo's industrial switches. Westermo has developed an update to allow the web interface certificate to be changed. Neil Smith has tested the update to validate that it resolves the vulnerability. This vulnerability could be exploited remotely after a successful man-in-the-middle attack. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-026-01): MICROSYS PROMOTIC Memory Corruption Vulnerability
Security researcher Praveen Darshanam of Versa Networks has identified a memory corruption vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS has produced a new version to mitigate this vulnerability. The researcher has tested the new version to validate that it resolves the vulnerability. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-021-01): CAREL PlantVisor Enhanced Authentication Bypass Vulnerability
Independent researcher Maxim Rupp has identified an authorization bypass vulnerability in CAREL's PlantVisor application. CAREL has confirmed that this vulnerability refers to the phased-out CAREL product PlantVisorEnhanced and is no longer supported. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-337-02): Hospira Multiple Products Buffer Overflow Vulnerability
This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the NCCIC/ICS-CERT web site.
Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira's LifeCare PCA Infusion System. Hospira has determined that LifeCare PCA Infusion Systems released prior to July 2009 that are running Communication Engine (CE) Version 1.0 or earlier are vulnerable. In response to Jeremy Richards' reported vulnerability, Hospira has assessed other products and determined that Plum A+/A+3 Infusion Systems, released prior to March 2009 and running CE Version 1.0 or earlier versions, also contain the identified vulnerability. Hospira has confirmed that LifeCare PCA and Plum A+/A+3 Infusion Systems, running CE Version 1.2 or later versions, sold after the aforementioned dates, are not vulnerable. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-019-01): Siemens OZW672 and OZW772 XSS Vulnerability
Independent researcher Aditya Sood has identified a cross-site scripting vulnerability in Siemens OZW672 and OZW772 devices. Siemens has produced a firmware update to mitigate this vulnerability. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-16-014-01): Advantech WebAccess Vulnerabilities
Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher have identified multiple vulnerabilities in Advantech WebAccess application. Many of these vulnerabilities were reported through the Zero Day Initiative (ZDI) and iDefense. Advantech has produced a new version to mitigate these vulnerabilities. Ivan Sanchez has tested the new version to validate that it resolves the vulnerabilities which he reported. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-356-01): Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-351-01): Schneider Electric Modicon M340 Buffer Overflow Vulnerability
David Atch of CyberX has identified a buffer overflow vulnerability in Schneider Electric's Modicon M340 PLC product line. Schneider Electric has produced a new firmware patch to mitigate this vulnerability. This vulnerability could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-351-02): Motorola MOSCAD SCADA IP Gateway Vulnerabilities
Independent researcher Aditya K Sood has identified Remote File Inclusion (RFI) and Cross-Site Request Forgery (CSRF) vulnerabilities in Motorola Solutions' MOSCAD IP Gateway. Motorola Solutions has confirmed this product was cancelled at the end of 2012 and no longer offers software updates. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-351-03): eWON Vulnerabilities
Independent researcher Karn Ganeshen has identified several vulnerabilities in the eWON sa industrial router. eWON sa has produced an updated firmware to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-349-01): Adcon Telemetry A840 Vulnerabilities
Independent researcher Aditya K Sood has identified vulnerabilities in Adcon Telemetry's A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemetry sent a message to all known customers to offer to upgrade to a more secure and stable version. These vulnerabilities could be exploited remotely. For additional details and mitigation, click here.
ICS-CERT Advisory (ICSA-15-344-01B): Advantech EKI Vulnerabilities (Update B)
This updated advisory is a follow-up to the updated advisory titled "ICSA-15-344-01A Advantech EKI Vulnerabilities" that was published December 15, 2015, on the NCCIC/ICS-CERT web site.
HD Moore of Rapid7 identified several vulnerabilities in Advantech's EKI. Advantech has released updated firmware to mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly
For additional details and mitigation, click here.
Vulnerability Note (VU# 732760): Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input, which may be leveraged to create a denial of service condition or to execute arbitrary code. For detailed description, impact and solution, click here.
Vulnerability Note (VU# 319816): npm fails to restrict the actions of malicious npm package
npm allows packages to take actions that could allow a malicious npm package author to create a worm that spreads across the majority of the npm ecosystem. For detailed description, impact and solution, click here.