Publication: ICS-CERT Notable Critical Infrastructure News

First reported Apr 17 2014 - Updated Apr 17 2014 - 2 reports

Innominate mGuard OpenSSL HeartBleed Vulnerability (Update A)

OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. --------- Begin Update A Part 1 of 4 -------- ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 17 2014]
First reported Apr 16 2014 - Updated Apr 16 2014 - 1 reports

Siemens SINEMA Vulnerabilities

OVERVIEW Siemens has identified vulnerabilities in SINEMA server. Siemens has produced a software update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens product is affected: ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 16 2014]
First reported Apr 15 2014 - Updated Apr 16 2014 - 2 reports

Innominate mGuard OpenSSL HeartBleed Vulnerability

OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. This vulnerability could be exploited remotely. ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
First reported Apr 15 2014 - Updated Apr 15 2014 - 1 reports

Progea Movicon SCADA Information Disclosure Vulnerability

OVERVIEW Celil Ünüver of SignalSEC Ltd. has identified an information disclosure vulnerability in the Progea Movicon application. Progea has produced a new version that mitigates this vulnerability. The researcher has tested the new version to validate ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
First reported Apr 12 2014 - Updated Apr 12 2014 - 1 reports

FBI Private Industry Notification 140410-001.pdf

First reported Apr 10 2014 - Updated Apr 11 2014 - 1 reports

IOServer Out of Bounds Read Vulnerability

OVERVIEW Chris Sistrunk of Mandiant and Adam Crain of Automatak have identified an out of bounds read vulnerability in IOServer’s OPC Server application. IOServer has released a new version that mitigates this vulnerability. The researchers have tested ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 10 2014]
First reported Apr 10 2014 - Updated Apr 10 2014 - 1 reports

Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 Fault Generation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-12-342-01A Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller that was published December 11, 2012, on the NCCIC/ICS-CERT web site. ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 10 2014]
First reported Apr 09 2014 - Updated Apr 10 2014 - 1 reports

DNP3 Implementation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 09 2014]
First reported Apr 08 2014 - Updated Apr 09 2014 - 1 reports

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

OVERVIEW Siemens has identified a BEAST (Browser Exploit Against SSL/TLS) attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
First reported Apr 08 2014 - Updated Apr 08 2014 - 1 reports

OSISoft PI Interface for DNP3 Improper Input Validation

OVERVIEW Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, have identified an improper input validation vulnerability in the OSIsoft PI Interface for DNP3 product. OSIsoft has produced an update that mitigates this vulnerability. ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
First reported Apr 08 2014 - Updated Apr 08 2014 - 1 reports

WellinTech KingSCADA Stack-Based Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow in the WellinTech KingSCADA Stack. WellinTech has produced a patch that mitigates this vulnerability. This vulnerability could be exploited ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
First reported Apr 08 2014 - Updated Apr 08 2014 - 1 reports

Advantech WebAccess Vulnerabilities

OVERVIEW This advisory is a follow-up to the original advisory titled “ICSA-14-079-03P Advantech WebAccess Vulnerabilities” that was posted to the US-CERT secure Portal library March 20, 2014. Researchers working with HP’s Zero Day Initiative (ZDI), ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]

More Content

All (41) | News (0) | Reports (0) | Blogs (41) | Audio/Video (0) | Fact Sheets (0) | Press Releases (0)
sort by: Date | Relevance
Innominate mGuard OpenSSL HeartBleed Vulnerabil... [Published ICS-CERT Notable Critical Infrastructure News - Apr 17 2014]
(UPDATE) FBI Snort Signatures (Heartbleed) -- A... [Published ICS-CERT Notable Critical Infrastructure News - Apr 17 2014]
Siemens SINEMA Vulnerabilities [Published ICS-CERT Notable Critical Infrastructure News - Apr 16 2014]
Progea Movicon SCADA Information Disclosure Vul... [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
Innominate mGuard OpenSSL HeartBleed Vulnerability [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
Siemens Industrial Products OpenSSL HeartBleed ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
FBI Private Industry Notification 140410-001.pdf [Published ICS-CERT Notable Critical Infrastructure News - Apr 12 2014]
IOServer Out of Bounds Read Vulnerability [Published ICS-CERT Notable Critical Infrastructure News - Apr 10 2014]
Rockwell Allen-Bradley MicroLogix, SLC 500, and... [Published ICS-CERT Notable Critical Infrastructure News - Apr 10 2014]
DNP3 Implementation Vulnerability (Update B) [Published ICS-CERT Notable Critical Infrastructure News - Apr 09 2014]
OSISoft PI Interface for DNP3 Improper Input Va... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
WellinTech KingSCADA Stack-Based Buffer Overflow [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
Siemens Ruggedcom WIN Products BEAST Attack Vul... [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
Advantech WebAccess Vulnerabilities [Published ICS-CERT Notable Critical Infrastructure News - Apr 08 2014]
Schneider Electric OPC Factory Server Buffer Ov... [Published ICS-CERT Notable Critical Infrastructure News - Apr 03 2014]
Schneider Electric Serial Modbus Driver Buffer ... [Published ICS-CERT Notable Critical Infrastructure News - Apr 01 2014]
Siemens ROS Improper Input Validation [Published ICS-CERT Notable Critical Infrastructure News - Mar 28 2014]
Schneider Electric Serial Modbus Driver Buffer ... [Published ICS-CERT Notable Critical Infrastructure News - Mar 27 2014]
Siemens SIMATIC S7-1200 Improper Input Validati... [Published ICS-CERT Notable Critical Infrastructure News - Mar 20 2014]
Siemens SIMATIC S7-1200 Vulnerabilities [Published ICS-CERT Notable Critical Infrastructure News - Mar 20 2014]
Siemens RuggedCom Uncontrolled Resource Consump... [Published ICS-CERT Notable Critical Infrastructure News - Mar 18 2014]
Sielco Sistemi Winlog Multiple Vulnerabilities ... [Published ICS-CERT Notable Critical Infrastructure News - Mar 18 2014]
Siemens SIMATIC S7-1500 CPU Firmware Vulnerabil... [Published ICS-CERT Notable Critical Infrastructure News - Mar 14 2014]
Schneider Electric StruxureWare SCADA Expert Cl... [Published ICS-CERT Notable Critical Infrastructure News - Mar 13 2014]
Yokogawa CENTUM CS 3000 Vulnerabilities [Published ICS-CERT Notable Critical Infrastructure News - Mar 11 2014]
Schneider Electric Floating License Manager Vul... [Published ICS-CERT Notable Critical Infrastructure News - Feb 27 2014]
Schneider Electric OFS Buffer Overflow Vulnerab... [Published ICS-CERT Notable Critical Infrastructure News - Feb 27 2014]
Schneider Electric CitectSCADA Products Excepti... [Published ICS-CERT Notable Critical Infrastructure News - Feb 26 2014]
Schneider Electric SCADA Products Exception Han... [Published ICS-CERT Notable Critical Infrastructure News - Feb 25 2014]
ICS-CERT Year in Review 2013 [Published ICS-CERT Notable Critical Infrastructure News - Feb 24 2014]
1 2
Content Volume
Document Volume
Network
Network

Blogs

sort by: Date | Relevance
Innominate mGuard OpenSSL HeartBleed Vulnerabil... [Published ICS-CERT Notable Critical Infrastructure News - Apr 17 2014]
OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. --------- Begin Update A Part 1 of 4 -------- ...
(UPDATE) FBI Snort Signatures (Heartbleed) -- A... [Published ICS-CERT Notable Critical Infrastructure News - Apr 17 2014]
FBI Private Industry Notice 140416-002 includes new Snort signatures vetted by FBI & DHS for mitigation regarding the OpenSSL "Heartbleed" vulnerability. ...
Siemens SINEMA Vulnerabilities [Published ICS-CERT Notable Critical Infrastructure News - Apr 16 2014]
OVERVIEW Siemens has identified vulnerabilities in SINEMA server. Siemens has produced a software update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens product is affected: ...
Progea Movicon SCADA Information Disclosure Vul... [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
OVERVIEW Celil Ünüver of SignalSEC Ltd. has identified an information disclosure vulnerability in the Progea Movicon application. Progea has produced a new version that mitigates this vulnerability. The researcher has tested the new version to validate ...
Innominate mGuard OpenSSL HeartBleed Vulnerability [Published ICS-CERT Notable Critical Infrastructure News - Apr 15 2014]
OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. This vulnerability could be exploited remotely. ...
1 2 3 4 5 6 7 8 9
Contact Us
Sales
Support


Freebase CC-BY Some image thumbnails are sourced from Freebase, licensed under CC-BY

Copyright (C) 2014 Silobreaker Ltd. All rights reserved.
The selection and placement of stories and images on any Silobreaker page are determined automatically by a computer program.
The time or date displayed reflects when an article was added to or updated in Silobreaker.