Bulletins

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the test web server bundled with Advantech Studio Version 6.1. This web server is intended to be used for testing purposes and should not be used in a production …

Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal , published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow data leakage. ICS-CERT is currently in …

OVERVIEW This advisory is a follow-up to ICS-ALERT-10-293-01 - Intellicom NetBiter WebSCADA Vulnerabilities , published on the ICS-CERT Web page on October 20, 2010. On October 1, 2010 independent researchers identified vulnerabilities in the Intellicom NetBiter Supervisory Control and Data Acquisition (SCADA) applications. A directory traversal vulnerability is present in …

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code. Ecava has verified the claim and has released a patch to mitigate the vulnerability …

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a heap corruption vulnerability in the Automated Solutions Modbus/TCP Master OPC server. Automated Solutions has confirmed that their most recent patch mitigates the vulnerability for Version 3.0.0. ICS-CERT has verified that the software update resolves …

Overview --------- Begin Update A Part 1 of 2 ---------- On October 20, 2010, an independent security researcher postedRubén Santamarta, http://www.reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1, website last visited October 28, 2010. information regarding a vulnerability in MOXA Device Manager (MDM) Version 2.1. MOXA has confirmed this vulnerability and released Version 2.3 on November 11, …

Overview This advisory is a follow-up to ICS-ALERT-10-305-01 RealFlex RealWin Buffer Overflows , which was published on the ICS-CERT Web site on November 01, 2010. On October 15, 2010 an independent security researcher posted informationResearcher, http://aluigi.altervista.org/adv/realwin1-adv.txt, website last visited November 4, 2010. regarding vulnerabilities in RealFlex Technologies Ltd. RealWin SCADA …