Items Tagged with "Industrial Control Systems"
August 08, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...
August 07, 2012 Added by:Infosec Island Admin
Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...
August 07, 2012 Added by:Larry Karisny
From securing Intrusion Prevention Systems (IPS) that now must securely encrypt the new end point of nano sensors chip sets to Intrusion Detection Systems (IDS) that must now be able to view real time event anomalies and business processes, this discussion showed the need for security technology change...
August 06, 2012 Added by:Infosec Island Admin
Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...
August 03, 2012 Added by:Infosec Island Admin
Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...
August 02, 2012
Everyone knows routers, switches and servers are connected to the internet - but what else is out there? Has anybody even looked? Some of Dan's Shodan findings were pretty surprising, and these discoveries are an excellent metric for identifying how successful our security campaigns as an industry are...
August 02, 2012 Added by:Infosec Island Admin
ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...
July 25, 2012 Added by:Infosec Island Admin
Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...
July 24, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
July 23, 2012 Added by:Infosec Island Admin
ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...
July 19, 2012 Added by:Headlines
“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”
July 18, 2012 Added by:Infosec Island Admin
ICSCERT has identified three technology deployment areas to evaluate when considering the upcoming EOL of XP SP3 across ICS environments. Applications installed on Windows XP SP3 operating system builds on standard IT equipment, including engineering workstations, HMI servers, historian systems, etc...
July 16, 2012 Added by:Infosec Island Admin
Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...
July 13, 2012 Added by:Infosec Island Admin
"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."
July 12, 2012 Added by:Infosec Island Admin
ICS and the smart grids are two of these priority areas identified by the EU-US WG. In the last decade, these systems have been facing a notable number of incidents, including the manifestation of Stuxnet which raised a lot of concerns and discussions among all the actors involved in the field...