Blog Posts Tagged with "ICS"

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Directory Traversal Vulnerability

March 13, 2012 Added by:Infosec Island Admin

ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning a directory traversal vulnerability in the GE Intelligent Platforms which could allow an attacker to create or overwrite a file on systems running the Real-Time Information Portal...

Comments  (0)

A966b1b38ca147f3e9a60890030926c9

Shining LIGHTS on ICS Cybersecurity

March 11, 2012 Added by:Chris Blask

The LIGHTS program was created as a means of addressing security for the large number of small utilities operations. LIGHTS is a non-profit program run under Energysec that sets a consistent open-source-baseline approach to securing smaller critical industrial control facilities...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Solar Flare Disruption Advisory

March 09, 2012 Added by:Infosec Island Admin

The resulting geomagnetic storms can cause aurora at low latitudes and disrupt satellite and high frequency radio communication, GPS, and power grids. ICS-CERT requests that any issues affecting control systems in critical infrastructure environments be reported...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: xArrow SCADA HMI Multiple Vulnerabilities

March 07, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report detailing multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting xArrow, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product that are are remotely exploitable...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Robot Communication Runtime Buffer Overflow

March 05, 2012 Added by:Infosec Island Admin

A buffer overflow vulnerability in the Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers could allow an attacker to cause a denial of service and potentially execute remote code with administrator privileges...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

Is ICS-CERT Focused on the Right Issues?

February 21, 2012 Added by:Joe Weiss

Analysis of the incident database shows the most significant events from an impact perspective were control system related - yet they represent only 24 of the 203 advisories ICS-CERT put out in the last year. It appears ICS-CERT is focusing on the less important issues...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7Technologies TERMIS DLL Hijacking

February 21, 2012 Added by:Infosec Island Admin

The 7T TERMIS software is vulnerable to DLL Hijacking. An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. This vulnerability may allow execution of arbitrary code and may be exploitable from a remote machine...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7T AQUIS DLL Hijacking Vulnerability

February 20, 2012 Added by:Infosec Island Admin

An uncontrolled search path element vulnerability, commonly referred to as DLL Hijacking, in the 7-Technologies (7T) AQUIS software could lead to arbitrary code execution with successful exploit...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Exploit Tool Releases for ICS Devices Advisory

February 16, 2012 Added by:Headlines

Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

What's More Important - Vulnerabilities or Actual Incidents?

February 13, 2012 Added by:Joe Weiss

To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

February 08, 2012 Added by:Headlines

Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »