Friday, June 5, 2020
DHS

Medtronic Conexus Radio Frequency Telemetry Protocol (Update B)

This updated advisory is a follow-up to the advisory update titled ICSMA-19-080-01 Medtronic Conexus Radio Frequency Telemetry Protocol (Update A) that was published January 30, 2020, on the ICS webpage on us-cert.gov. This medical advisory includes mitigations for improper...
DHS

ABB System 800xA

This advisory contains mitigations for Incorrect Default Permissions vulnerabilities in ABB's 800xA distributed control system.
DHS

ABB System 800xA Base

This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in ABB's System 800xA Base distributed control system.
DHS

ABB Multiple System 800xA Products

This advisory contains mitigations for Incorrect Default Permissions vulnerabilities in ABB's System 800xA distributed control system products.
DHS

ABB Central Licensing System

This advisory contains mitigations for Information Exposure; Improper Restriction of XML External Entity Reference; Uncontrolled Resource Consumption; Permissions, Privilege, and Access Controls; Improper Access Control vulnerabilities in ABB's Central Licensing System (CLS) products.
DHS

GE Grid Solutions Reason RT Clocks

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in GE's Grid Solutions Reason RT Clocks.
DHS

SWARCO CPU LS4000

This advisory contains mitigations for an Improper Access Control vulnerability in SWARCO TRAFFIC SYSTEMS' CPU LS4000 traffic light controllers.
DHS

Inductive Automation Ignition

This advisory contains mitigations for missing authentication for critical function and deserialization of untrusted data vulnerabilities in Inductive Automation Ignition products. 
DHS

Johnson Controls Kantech EntraPass

This advisory contains mitigations for an improper access control vulnerability in Johnson Controls Kantech EntraPass products.
DHS

Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS

This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Johnson Controls' Software House C•CURE 9000 and American Dynamics victor Video Management systems.
DHS

Schneider Electric EcoStruxure Operator Terminal Expert

This advisory contains mitigations for SQL Injection, Path Traversal, and Argument Injection vulnerabilities in Schneider Electric EcoStruxure Operator Terminal Expert touchscreen configuration software.
DHS

Rockwell Automation EDS Subsystem

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, and SQL Injection vulnerabilities in Rockwell Automation EDS Subsystem controllers.
DHS

Emerson OpenEnterprise

This advisory contains mitigations for Missing Authentication for Critical Function, Improper Ownership Management, and Inadequate Encryption Strength vulnerabilities in Emerson OpenEnterprise SCADA software.
DHS

Opto 22 SoftPAC Project

This advisory contains mitigations for External Control of File Name or Path, Improper Verification of Cryptographic Signature, Improper Access Control, Uncontrolled Search Path Element, and Improper Authorization vulnerabilities in the Opto 22 SoftPAC Project, a virtual PLC.
DHS

Emerson WirelessHART Gateway

This advisory contains mitigations for an Improper Access Control vulnerability in the Emerson WirelessHART Gateway.
DHS

3S-Smart Software Solutions GmbH CODESYS V3 (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-19-213-04 3S-Smart Software Solutions GmbH CODESYS V3 that was published August 1, 2019, to the ICS webpage on us-cert.gov. This advisory includes mitigations for an insufficiently protected credentials...
DHS

Eaton Intelligent Power Manager

This advisory contains mitigations for improper input validation and incorrect privilege assignment vulnerabilities in Eaton's Intelligent Power Manager, a software monitoring and management platform.
DHS

OSIsoft PI System

This advisory contains mitigations for several vulnerabilities in the OSIsoft PI System, a real-time data historian application.
DHS

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update C)

This updated advisory is a follow-up to the advisory update titled 20-042-06 Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update B) that was published April 14, 2020, to the ICS webpage on us-cert.gov. This advisory contains...
DHS

Interpeak IPnet TCP/IP Stack (Update D)

This updated advisory is a follow-up to the updated advisory titled ICSA-19-274-01 Interpeak IPnet TCP/IP Stack (Update C) that was published February 18, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for stack-based buffer overflow, heap-based buffer...
The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier

The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.