Bulletins

CISA (ICS)
09/15/2010
Overview In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities and intent. As the analysis …
CISA (ICS)
08/16/2010
Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on those systems. The addition of …
CISA (ICS)
08/02/2010
Overview VirusBlokAda, an antivirus vendor based in Belarus, announced (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010) the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this zero-day vulnerability and exploits systems after users open a USB drive with a file …
CISA (ICS)
08/02/2010
Overview A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU#362332) and a weak hashing algorithm used in authentication (VU#840249). ICS-CERT has been coordinating with CERT/CC in alerting control systems vendors of …
CISA (ICS)
05/27/2010
Overview Cisco has identified multiple security vulnerabilities (Cisco, http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml, website last visited May 27, 2010) in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. The following vulnerabilities have been identified: default credentials, privilege escalation, unauthorized information interception, and unauthorized information access. Successful exploitation …
CISA (ICS)
05/03/2010
OVERVIEW A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required. AFFECTED PRODUCTS EDS Hardware Installation Tool Version 1.0.5.1 and earlier. IMPACT The CVSS impact subscore for this vulnerability, as calculated by …
CISA (ICS)
04/27/2010
Overview A cross-site scripting (http://www.owasp.org/index.php/Cross-siteScripting(XSS)) vulnerability exists in the system used by the ABB Electrical Distribution Management System (DMS) product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB Network Manager DMS client products ORMap and OMI are not affected by this problem, because …
CISA (ICS)
03/31/2010
Overview ICS-CERT has received reports and investigated infections of the Mariposa (Defence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010) botnet, which have affected the business networks of multiple control system owners in recent months. ICS-CERT has no information to indicate that these infections have specifically targeted United States Critical Infrastructure …