Saturday, January 19, 2019
DHS

Omron CX-Supervisor

This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omron's CX-Supervisor software.
DHS

ABB CP400 Panel Builder TextEditor 2.0

This advisory provides mitigation recommendations for an improper input validation vulnerability in ABB's CP400 Panel Builder TextEditor 2.0.
DHS

ControlByWeb X-320M

This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station.
DHS

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

This advisory includes mitigations for improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and authentication bypass using an alternate path or channel vulnerabilities in the LCDS LAquis...
DHS

Emerson DeltaV

This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emerson's DeltaV distributed control system workstation products.
DHS

Omron CX-One CX-Protocol

This advisory provides mitigation recommendations for a type confusion vulnerability in Omron's CX-Protocol within the CX-One software.
DHS

Pilz PNOZmulti Configurator

This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool.
DHS

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4

This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise...
DHS

Schneider Electric Zelio Soft 2

This advisory provides mitigation recommendations for a use after free vulnerability in Schneider Electric's Zelio Soft 2 programming platform.
DHS

Schneider Electric IIoT Monitor

This advisory includes mitigations for path traversal, unrestricted upload of file with dangerous type, and XXE vulnerabilities in the Schneider Electric IIoT Monitor software.
DHS

Schneider Electric Pro-face GP-Pro EX

This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electric's Pro-face GP-Pro EX, an HMI screen editor and logic programming software.
DHS

Yokogawa Vnet/IP Open Communication Driver

This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawa's Vnet/IP open communication driver.
DHS

Hetronic Nova-M

This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronic's Nova-M remote control transmitters and receivers.
DHS

Horner Automation Cscape

This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software.
DHS

Schneider Electric EcoStruxure

This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform.
DHS

Rockwell Automation FactoryTalk Services Platform

This advisory was originally posted to the HSIN ICS-CERT library on November 27, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a heap-based buffer overflow vulnerability in the Rockwell Automation FactoryTalk Services...
DHS

ABB GATE-E2

This advisory provides mitigation recommendations for missing authentication for critical function and cross-site scripting vulnerabilities in ABB's GATE-E2 ethernet devices.
DHS

Advantech WebAccess/SCADA

This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantech's WebAccess/SCADA software platform.
DHS

3S-Smart Software Solutions GmbH CODESYS Control V3 Products

This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products.
DHS

3S-Smart Software Solutions GmbH CODESYS V3 Products

This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products.
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.