ICS


US Power Gird Vendors Under Assualt

Source: Rob Barry and Lisa Schwartz of the Wall Street Journal The Wall Street Journal is reporting of a sophisticated phishing campaign targeting the vendors of Power Utilities. The U.S. Department of Homeland Security dispatched…


Advisory (ICSA-18-345-02)

Siemens SINUMERIK Controllers Source: ICS-CERT 1. EXECUTIVE SUMMARY CVSS v3 10.0ATTENTION: Exploitable remotely/low skill level to exploitVendor: SiemensEquipment: SINUMERIK ControllersVulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught…


PI Developer Warns of Breach

Source: SecurityWeek Software company OSIsoft warned employees, interns, consultants and contractors that all domain accounts have likely been compromised as a result of a data breach. Source: OSISoft OSIsoft provides real-time data management solutions and…


Siemens OpenSSL Vulnerability in Industrial Products

Advisory (ICSA-18-226-02) Source: ICS-CERT Original release date: August 14, 2018 | Last revised: November 13, 2018 1. EXECUTIVE SUMMARY CVSS v3 5.9ATTENTION: Exploitable remotelyVendor: SiemensEquipment: Industrial ProductsVulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION…




Schneider Electric Advisory (ICSA-18-305-02)

More Advisories Advisory (ICSA-18-305-02) Schneider Electric Software Update (SESU) 1. EXECUTIVE SUMMARY CVSS v3 7.8ATTENTION: Low skill level to exploitVendor: Schneider ElectricEquipment: Software Update (SESU)Vulnerability: DLL hijacking 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…



Dragos’ launches “Neighborhood Keeper” Program

Source: BusinessWire Dragos, Inc, announced a DOE’s partnership on a cooperative agreement to research and develop a collaborative threat detection and shared intelligence program, Neighborhood Keeper. Together with Ameren, First Energy, Idaho National Laboratory (INL),…