Bulletins

CISA (ICS)
09/29/2010
OVERVIEW ICS-CERT has been actively investigating and reporting on the Stuxnet vulnerability. To date, ICS-CERT has released ICSA-10-201-01 - Malware Targeting Siemens Control Software (including Updates B & C) and ICSA-10-238-01 - Stuxnet Mitigations (including Update B). Stuxnet uses four zero-day exploits (two of which have been patched) and takes …
CISA (ICS)
09/21/2010
Overview This advisory is a follow-up to ICS-ALERT-10-260-01 SCADA Engine BACnet OPC Client Buffer Overflow, which was published on the ICS-CERT Web site on September 17, 2010. A buffer overflow vulnerability has been reported (Secunia Advisory SA41466, http://secunia.com/advisories/41466/, website last accessed September 21, 2010) in SCADA Engine’s BACnet OPC Client. …
CISA (ICS)
09/15/2010
Overview In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities and intent. As the analysis …
CISA (ICS)
08/16/2010
Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on those systems. The addition of …
CISA (ICS)
08/02/2010
Overview VirusBlokAda, an antivirus vendor based in Belarus, announced (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010) the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this zero-day vulnerability and exploits systems after users open a USB drive with a file …
CISA (ICS)
08/02/2010
Overview A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU#362332) and a weak hashing algorithm used in authentication (VU#840249). ICS-CERT has been coordinating with CERT/CC in alerting control systems vendors of …
CISA (ICS)
05/27/2010
Overview Cisco has identified multiple security vulnerabilities (Cisco, http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml, website last visited May 27, 2010) in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. The following vulnerabilities have been identified: default credentials, privilege escalation, unauthorized information interception, and unauthorized information access. Successful exploitation …
CISA (ICS)
05/03/2010
OVERVIEW A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required. AFFECTED PRODUCTS EDS Hardware Installation Tool Version 1.0.5.1 and earlier. IMPACT The CVSS impact subscore for this vulnerability, as calculated by …