Tuesday, March 19, 2019
DHS

AVEVA InduSoft Web Studio and InTouch Edge HMI

This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVA's InduSoft Web Studio and InTouch Edge human machine interface software.
DHS

Columbia Weather Systems MicroServer

This advisory includes mitigations for cross-site scripting, path traversal, improper authentication, improper input validation, and code injection vulnerabilities in Columbia Weather Systems MicroServer weather monitoring system.
DHS

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files

This advisory includes mitigations for an out-of-bounds write vulnerability in LCDS's LAquis SCADA industrial automation software.
DHS

LCDS LAquis SCADA ELS Files

This advisory includes mitigations for an out-of-bounds write vulnerability in LCDS's LAquis SCADA industrial automation software.
DHS

Gemalto Sentinel UltraPro

This advisory includes mitigations for an uncontrolled search path element in Gemalto's Sentinel UltraPro encryption keys.
DHS

PEPPERL+FUCHS WirelessHART-Gateways

This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products.
DHS

WIBU SYSTEMS AG WibuKey Digital Rights Management (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-19-043-03 Siemens Licensing Software for SICAM 230 (Update A) that was published February 14, 2019, on the NCCIC/ICS-CERT website. This advisory includes mitigations for information exposure, out-of-bounds write,...
DHS

Rockwell Automation RSLinx Classic

This advisory includes mitigations for a stack-based buffer overflow vulnerability in Rockwell Automation's RSLinx Classic PLC communications software.
DHS

Rockwell Automation RSLinx Classic

This advisory includes mitigations for a stack-based buffer overflow vulnerability in Rockwell Automation's RSLinx Classic PLC communications software.
DHS

PSI GridConnect Telecontrol

This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnect's Telecontrol compact DIN rail device.
DHS

Moxa IKS, EDS

This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, uncontrolled resource...
DHS

Intel Data Center Manager SDK

This advisory provides mitigation recommendations for improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities reported in Intel's Data Center Manager software development kit.
DHS

Delta Industrial Automation CNCSoft

This advisory provides mitigation recommendations for an out-of-bounds read vulnerability reported in the Delta Electronics Delta Industrial Automation CNCSoft.
DHS

Horner Automation Cscape

This advisory includes mitigations for an improper input validation vulnerability in the Horner Automation Cscape software.
DHS

Rockwell Automation Allen-Bradley PowerMonitor 1000

This advisory provides mitigation recommendations for cross-site scripting and authentication bypass vulnerabilities reported in Rockwell Automation's Allen-Bradley PowerMonitor 1000, a compact power monitor.
DHS

Pangea Communications Internet FAX ATA

This advisory provides mitigation recommendations for an authentication bypass using an alternate path or channel vulnerability reported in the Pangea Communications Internet FAX analog telephone adapter.
DHS

gpsd Open Source Project

This advisory was originally posted to the HSIN ICS-CERT library on November 6, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory includes mitigations for a stack-based buffer overflow vulnerability in the gpsd Open Source Project gpsd...
DHS

OSIsoft PI Vision

This advisory includes mitigations for a cross-site scripting vulnerability in OSIsoft's PI Vision web page application.
DHS

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays

This advisory includes mitigations for an improper input validation vulnerability in the Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays product.
DHS

Siemens Licensing Software for SICAM 230

This advisory includes mitigations for improper input validation vulnerabilities in the Siemens Licensing Software for SICAM 230.
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers, and calls made by other users, and a TechCrunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application development.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming

Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.