exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from ICS-CERT

Email addressics-cert at dhs.gov
First Active2011-12-14
Last Active2014-09-01
ICS-CERT Advisory - Schneider Electric Wonderware
Posted Sep 1, 2014
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory 14-238-02 - Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server (WIS). Schneider Electric has produced an update that mitigates these vulnerabilities. Some of these vulnerabilities could be exploited remotely.

tags | advisory, vulnerability
advisories | CVE-2014-2380, CVE-2014-2381, CVE-2014-5397, CVE-2014-5398, CVE-2014-5399
SHA-256 | e850a4bb6ae07055ff00878ae3e6e5133655aa4d07e4084a152cb16a2cd12e30
ICS-CERT Advisory - Siemens WinCC 7.0 SP3
Posted Mar 21, 2013
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory 13-079-02 - This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Independent researcher Sergey Gordeychik of Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has produced a software update that fully resolves these vulnerabilities. Exploitation of these vulnerabilities could allow a denial of service (DoS) condition, unauthorized read access to files, or remote code execution. This could affect multiple industries, including food and beverage, water and wastewater, oil and gas, and chemical sectors worldwide. These vulnerabilities could be exploited remotely.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2013-0678, CVE-2013-0676, CVE-2013-0679, CVE-2013-0674, CVE-2013-0677, CVE-2013-0675
SHA-256 | e86d7625da69e96f25c03a09637a085e26ecba22b2bf0dd2a1cd0873bb1460d9
ICS-CERT Advisory - C3-ILEX EOSCADA DoS / Leakage
Posted Nov 3, 2012
Authored by ICS-CERT, Dale Peterson | Site ics-cert.org

ICS-CERT Advisory 12-271-01 - This Advisory is a follow-up release to the original Advisory which was posted to the US-CERT secure Portal library October 08, 2012. Dale Peterson of Digital Bond has identified multiple vulnerabilities in the C3-ilex's EOScada application that can result in data leakage and a denial-of-service (DoS) condition. C3-ilex has produced a patch that resolves these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-1810, CVE-2012-1811, CVE-2012-1812, CVE-2012-1813
SHA-256 | 2dbc28bc1abdae2611ac393447f9f3c191203496af620601f16a8d74aa1efb70
ICS-CERT Advisory - GarrettCom Privilege Escalation
Posted Sep 6, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory 12-243-01 - Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of access to the system to escalate the attacker’s privilege to the administrative level. The attacker must have access to a logon account on the device to exploit this vulnerability. GarrettCom has produced a patch that mitigates this vulnerability.

tags | advisory, remote
advisories | CVE-2012-3014
SHA-256 | 71f6ced785250177950747b2672a05eeff6721af0e798ee700d0e98c8b4b363b
ICS-ALERT 12-234-01 - Key Management In RuggedCom
Posted Aug 22, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory 12-234-01 - ICS-CERT is aware of a public report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code was publicly presented by security researcher Justin W. Clarke of Cylance Inc. According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device.

tags | advisory
SHA-256 | ccc2e9d5add6093115adb23c1f03197a8b414917e07e5bc98ead1c99683d33a0
ICS-CERT Advisory - Tridium Niagara Issues
Posted Aug 17, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4027, CVE-2012-4028, CVE-2012-3025, CVE-2012-3024
SHA-256 | a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
ICS-ALERT 11-346-01 - Schneider Electric Quantum Ethernet Module
Posted Dec 14, 2011
Authored by ICS-CERT | Site ics.cert.org

ICS-Alert 11-346-01 - On December 12, 2011, independent security researcher Rubén Santamarta publicly announced details of multiple vulnerabilities affecting the Schneider Electric Quantum Ethernet Module. Prior to publication, Mr. Santamarta notified ICS-CERT of the vulnerabilities. ICS-CERT is coordinating mitigations with Mr. Santamarta and Schneider Electric. Schneider has produced a fix for two of the reported vulnerabilities and is continuing to develop additional mitigations.

tags | advisory, vulnerability
SHA-256 | 9778d7636ef3e4a79ff7e21dffc414c0bcb49002566536caf10085dd1ba06dcc
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close