* You are viewing the archive for the ‘Industrial Control Systems’ Category

[ICS] Siemens Announces Password Security Weakness in SIMATIC S7 Controllers

Siemens has announced a password security problem in an authentication mechanism used in their SIMATIC S7 series of programmable controllers. No patch is available yet. Until a fix is released, some defensive guidance can be found at the reference link below. The following Siemens SIMATIC S7 platforms are affected:

S7-200
S7-1200
S7-300
S7-400

References:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51401544&caller=view

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

[ICS] 7-Technologies Interactive Graphical SCADA System Security Update Released

7-Technologies has released a security patch for their Interactive Graphical SCADA System software. As of this writing (10 Feb 2011), no public exploit code exists.

References:
http://www.igss.com/download/licensed-versions.aspx
http://www.us-cert.gov/control_systems/pdf/ICSA-11-018-02.pdf

[ICS] Control Microsystems ClearSCADA Security Updates Released

Control Microsystems has released an update to address some security issues in their ClearSCADA product. The fix is to upgrade to one of the following three ClearSCADA versions: 2010 R1, 2009 R2.3, or 2009 R1.4.

References:
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
http://www.clearscada.com/services-support/software-updates/

[ICS] AGGsoftware SCADA Viewer OPC Buffer Overflow Issue Fixed

AGGsoftware’s OPC SCADA Viewer version 1.5.2 Build 110 fixes a security bug. Details are in the first link below.

References:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-018-01.pdf
http://www.aggsoft.com/opc-scada/download.htm

[ICS] Sielco Sistemi Winlog Security Update Released

Sielco Sistemi Winlog version 2.07.01A fixes an important security issue. The underlying bug is present in all versions of Sielco Sistemi WinLog Lite and WinLog Pro up to and including version 2.07.00.

UPDATE 24 Jan 2011 – A reliable exploit is now available in the White Phosphorus (commercial) add-on for Immunity CANVAS.

References:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-017-02.pdf
[Updated Lite version] http://www.sielcosistemi.com/download/WinlogLite_Setup.exe
[Updated Pro version] http://www.sielcosistemi.com/download/Winlog_Setup_SF.exe

[ICS] Wellintech KingView SCADA Security Update Released

A remotely exploitable vulnerability has been reported in the Wellintech KingView SCADA system. At least Wellintech KingView version 6.5.3 is affected. Exploit code is available (first link below). As of this writing, no patch has been released.

UPDATE 19 Jan 2011 – Wellintech has released a patched library to address the problem.

References:
http://downloads.securityfocus.com/vulnerabilities/exploits/45727.py
http://www.us-cert.gov/control_systems/pdf/ICS-Alert-11-011-01.pdf

Exploit Released for Unpatched Vuln in TRACE MODE Data Center SCADA System

An exploit (Agora Pack version 1.22 for Immunity CANVAS) has been released for an as-yet-unpatched vulnerability in the TRACE MODE Data Center SCADA management system.

References:
http://www.tracemode.com/products/runtime/scada/DataCenter/
http://gleg.net/agora.shtml
