Blog Posts Tagged with "ICS-CERT"
ICS-CERT: ABB Multiple Components Buffer Overflow
April 11, 2012 Added by:Infosec Island Admin
Researchers have identified a buffer overflow vulnerability in multiple components of the ABB WebWare Server application which could lead to a denial-of-service for the application and privilege escalation or could allow an attacker to execute arbitrary code...
Comments (0)
ICS-CERT: 3S-Software CoDeSys Improper Access Control
April 10, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of improper access control vulnerability affecting 3S-Software CoDeSys which could allow an attacker can upload unauthenticated configuration changes to the PLC which may include arbitrary code...
Comments (0)
ICS-CERT: Wago IPC Multiple Vulnerabilities
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC)could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
Comments (0)
ICS-CERT: ABB WebWare Server Buffer Overflow
April 06, 2012 Added by:Infosec Island Admin
Researchers have identified a buffer overflow vulnerability in multiple components of the ABB WebWare Server application which if exploited could lead to a denial-of-service for the application and privilege escalation or could allow an attacker to execute arbitrary code...
Comments (0)
ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities
April 04, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...
Comments (0)
ICS-CERT: Invensys Wonderware Buffer Overflow Vulnerability
April 02, 2012 Added by:Infosec Island Admin
Researchers identified two buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform, and successful exploitation of these vulnerabilities will cause a buffer overflow that may allow remote code execution...
Comments (0)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
March 29, 2012 Added by:Infosec Island Admin
Researchers have identified two vulnerabilities that may result in a denial-of-service (DoS) condition in the Rockwell Automation FactoryTalk (FT) application which if successfully exploited may result in a Denial of Service condition...
Comments (0)
ICS-CERT: Ecava IntegraXor Path Traversal Vulnerability
March 26, 2012 Added by:Infosec Island Admin
Researchers Billy Rios and Terry McCorkle have identified a Path Traversal vulnerability when a specially crafted HTML document is opened on the Ecava IntegraXor server. Successful exploitation could allow file manipulation or arbitrary code execution...
Comments (0)
ICS-CERT: Increasing Threat to Industrial Control Systems
March 21, 2012 Added by:Infosec Island Admin
ICS-CERT is monitoring an increase in a combination of threats that increase the risk of control systems attacks. These include Internet accessible ICS configurations, vulnerability and exploit tool releases, and increased interest and activity by hacktivist groups and others...
Comments (0)
Understanding Industrial Control System Vulnerabilities
March 21, 2012 Added by:Infosec Island Admin
A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. A backup control center is used in more critical applications to provide a secondary control system...
Comments (0)
ICS-CERT: Windows Remote Desktop Protocol Vulnerability
March 20, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a Remote Desktop Protocol (RDP) vulnerability, which with successful exploitation in the control systems environment could lead to system processes freezing and potentially allow remote code execution...
Comments (0)
ICS-CERT: GE Intelligent Platforms Proficy Historian Data Advisory
March 15, 2012 Added by:Infosec Island Admin
ICS-CERT received a report from GE Intelligent Platforms concerning a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver could allow an attacker to cause the service to crash, and may lead to arbitrary code execution...
Comments (0)
ICS-CERT: GE Intelligent Platforms Proficy Plant Vulnerability
March 14, 2012 Added by:Infosec Island Admin
ICS-CERT received a report concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications which could allow an attacker to cause multiple Proficy services to crash, which may lead to arbitrary code execution...
Comments (0)
ICS-CERT: GE Intelligent Platforms Directory Traversal Vulnerability
March 13, 2012 Added by:Infosec Island Admin
ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning a directory traversal vulnerability in the GE Intelligent Platforms which could allow an attacker to create or overwrite a file on systems running the Real-Time Information Portal...
Comments (0)
ICS-CERT: Solar Flare Disruption Advisory
March 09, 2012 Added by:Infosec Island Admin
The resulting geomagnetic storms can cause aurora at low latitudes and disrupt satellite and high frequency radio communication, GPS, and power grids. ICS-CERT requests that any issues affecting control systems in critical infrastructure environments be reported...
Comments (2)
Are DOE and DHS Helping to Secure the Infrastructure or Not?
March 08, 2012 Added by:Joe Weiss
DOE and the utilities are in an effort to secure the Grid. Yet the utilities voted down Version 5 of the NERC CIPs. Many of the devices that have been demonstrated to be vulnerable would not be addressed by NERC. Who is responsible for protecting critical infrastructure?
Comments (0)
- SecurityWeek Names Ryan Naraine as Editor-at-Large
- Why Cyber Security Should Be at the Top of Your Christmas List
- United States Federal Government’s Shift to Identity-Centric Security
- How Extreme Weather Will Create Chaos on Infrastructure
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives
- Sustaining Video Collaboration Through End-to-End Encryption
- Will Robo-Helpers Help Themselves to Your Data?
- Securing the Hybrid Workforce Begins with Three Crucial Steps
- A New Strategy for DDoS Protection: Log Analysis on Steroids
- COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider