Items Tagged with "SCADA"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Gauss Information Stealing Malware

August 14, 2012 Added by:Infosec Island Admin

Kaspersky Lab recently released a report on a new information-stealing malware they have named “Gauss" which is designed to collect information and send the data to its command-and-control servers. Gauss was predominantly on systems in the Middle East, but has also been detected on networks in the US...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Synco OZW Web Server Vulnerability

August 13, 2012 Added by:Infosec Island Admin

Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...

Comments  (2)

E313765e3bec84b2852c1c758f7244b6

Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by:Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SpecView Directory Traversal Vulnerability

August 08, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SIMATIC S7-400 Denial of Service Vulnerabilities

August 07, 2012 Added by:Infosec Island Admin

Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Top Cyber Security Experts Meet for Smart Grid Security Summit

August 07, 2012 Added by:Larry Karisny

From securing Intrusion Prevention Systems (IPS) that now must securely encrypt the new end point of nano sensors chip sets to Intrusion Detection Systems (IDS) that must now be able to view real time event anomalies and business processes, this discussion showed the need for security technology change...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: ICONICS GENESIS32 and BizViz Vulnerabilities

August 06, 2012 Added by:Infosec Island Admin

Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow Vulnerability

August 03, 2012 Added by:Infosec Island Admin

Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...

Comments  (0)

6d117b57d55f63febe392e40a478011f

DefCon: Dan Tentler Discusses the Power of Shodan

August 02, 2012

Everyone knows routers, switches and servers are connected to the internet - but what else is out there? Has anybody even looked? Some of Dan's Shodan findings were pretty surprising, and these discoveries are an excellent metric for identifying how successful our security campaigns as an industry are...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Kessler-Ellis Products Exploit POC

August 02, 2012 Added by:Infosec Island Admin

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

6d117b57d55f63febe392e40a478011f

BSidesLV 2012: Termineter Framework and Smart Meter Testing

July 31, 2012

The "Power Grid" is a growing topic in the security industry and Advanced Metering Infrastructure (AMI) is a topic that hasn't been discussed to its full potential. Spencer's presentation discussed the types of vulnerabilities found in Smart Meters, and gave examples from real world assessments he conducted...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic Step 7 DLL Vulnerability

July 25, 2012 Added by:Infosec Island Admin

Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Winderware Intouch 10 DLL Hijack

July 24, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: OSIsoft Stack-Based Buffer Overflow Vulnerability

July 23, 2012 Added by:Infosec Island Admin

ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »