1. EXECUTIVE SUMMARY CVSS v7.5 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Yokogawa Equipment: Vnet/IP Open Communication Driver Vulnerability: Resource Management Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. 3. TECHNICAL…

Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer…

    1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Stack-based Buffer Overflow, Use After Free, Access of Uninitialized Pointer, Double Free, Out-of-bounds Write, Untrusted Pointer Dereference, Heap-based Buffer Overflow. 2. UPDATE INFORMATION This updated advisory…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Heap-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 27, 2018, and is being released…

. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to conduct a phishing attack. 3. TECHNICAL DETAILS 3.1…

Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/HatMan malware specifically targets these vulnerabilities. Vendor: Schneider Electric Equipment: Triconex Tricon, Model 3008 Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious language file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: CMS-770 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read sensitive configuration files that may lead to code execution on the device. 3….