
Source

us-cert

Solar Magnetic Storm Impact on Control Systems

Overview The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk to critical infrastructure. In a recent case, Earth-orbiting satellites detected the strongest magnetic storm in more than 4 years resulting from a solar flare and CME event. Source: National Oceanic and Atmospheric Administration (NOAA), Space Weather Prediction Center, http://www.swpc.noaa.gov/sxi/index.html, last accessed March 1, 2011. Figure 1 illustrates the size of the CME shockwave edge in relation to the size of the sun at the point of the eruption. Figure 1. X2-solar flare and coronal mass ejection at the time of the eruption. At 0156 UT on February 15, 2011, Active Region 11158 unleashed an X2-class eruption. Source: James A. Marusek, “Solar Storm Threat Analysis,” http://www.breadandbuttersc...

Ecava IntegraXor SQL

Overview ICS-CERT has received a report from independent security researcher Dan Rosenberg with Virtual Security Research (VSR) of an unauthenticated Structured Query Language (SQL) vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation, and remote code execution against the backend host running the database service. ICS-CERT has coordinated with Ecava, which has verified the vulnerability and developed a patched release of IntegraXor (Build 4050) to address this vulnerability. Both ICS-CERT and the independent security researcher have validated the patch. Affected Products This vulnerability affects all IntegraXor versions prior to Version 3.60 (Build 4032). Impact A successful exploit of this vulnerability could lead to arbitrary data leakage, data manipulation, and remote code execution. The exact impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends t...

WellinTech KingView 6.53 KVWebSvr ActiveX

Overview This advisory is a follow-up to ICS-ALERT-11-066-01 - WellinTech KingView 6.53 ActiveX Vulnerability, published on the ICS-CERT Web page on March 7, 2011. An independent security researcher reported a stack-based buffer overflow vulnerability in an ActiveX control in WellinTech KingView V6.53. The researcher has publicly released exploit code for this vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code. WellinTech has released an update for the vulnerable file. ICS-CERT has confirmed the update resolves the vulnerability. Affected Products This vulnerability affects all language versions of WellinTech KingView V6.53. Impact Because KingView is widely used in many sectors and different applications, the impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architec...

Wonderware InBatch Vulnerability (Update A)

Overview An independent security researcher has published information to a vulnerability disclosure website regarding a buffer overflow vulnerability in the Wonderware InBatch and I/A Series Batch software products (all supported versions). According to the researcher’s report, the service listening on TCP Port 9001 is vulnerable to a buffer overflow that could cause denial of service (DOS) or the possible execution of arbitrary code. This vulnerability is remotely exploitable and exploit code is publicly available. --------- Begin Update A Part 1 of 2 ---------- Invensys has validated the researcher’s claim and has released a patch for this vulnerability. The patch can be downloaded at Invensys Cyber Security Updates page. ICS-CERT has validated the patch. ---------- End Update A Part 1 of 2 ---------- ICS-CERT is coordinating this vulnerability disclosure with Invensys and the CERT Coordination Center (CERT/CC). Affected Products This vulnerability affects all supported versions of ...

ClearScada Vulnerabilities (Update A)

Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability; Cross-site Scripting Vulnerabilities; Insecure Web Authentication. Affected Products The following ClearSCADA versions are affected: ClearSCADA 2005 (all versions); ClearSCADA 2007 (all versions); ClearSCADA 2009 (all versions except R2.3 and R1.4). --------- Begin Update A – Part 1 of 3 ---------- This Advisory applies to all versions of SCX (from Serck UK or Serck Aus) that are older than the following (these SCX versions bundle ClearSCADA in the package): SCX Version 67 R4.5; SCX Version 68 R3.9. ---------- End Update A – Part 1 of 3 ---------- Impact Successful exploitation of the vulnerabilities reported in this Advisory requires an attacker to have a level of skill that ranges from intermediate to high depending on the specific vulnerability and desired objective. An attacker c...

McAfee Night Dragon Report (Update A)

Overview McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon” (McAfee, http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, accessed February 10, 2011), which describes advanced persistent threat activity designed to obtain sensitive data from targeted organizations in the global oil, energy, and petrochemical industries. According to the report, this activity began in 2009 or potentially as early as 2007. Impact The threat McAfee identifies as Night Dragon focused specifically on the energy sector; however, the tools and techniques used by Night Dragon can be highly successful when targeting any industry. Other sectors may also be vulnerable and under similar persistent cyber espionage attacks. Background According to the report, the attacks have been ongoing since November 2009 and involve social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft ...

7-Technologies IGSS 8 ODBC Server Remote Heap Corruption

Overview ICS-CERT has received a report from independent security researcher Jeremy Brown that a remote heap corruption vulnerability exists in IGSS (Interactive Graphical SCADA System) Version 8 from 7-Technologies (7T). 7T has verified the vulnerability and has developed a patch. Affected Products This vulnerability affects only IGSS Versions 8 and 9. Users can contact 7T for additional information. Impact According to 7T, this vulnerability is more likely to be exploited for a denial of service (DoS); however, arbitrary code execution may be possible. Background 7T is based in Denmark and creates monitoring and control systems that are primarily used in Europe and South Asia in the wastewater, water supply, and marine industries. IGSS is an HMI (Human-Machine Interface) application used to control and monitor PLCs (Programmable Logic Controllers) in industrial processes. According to the IGSS website, IGSS has been installed in over 28,000 industrial plants in 50 countries worldwide...

Federal Aviation Administration GPS Testing

Overview The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due to Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing this advisory as a follow-up to yesterday’s alert to notify industrial control systems (ICS) owners and operators whose control systems employ GPS for timing reference or positioning data of possible intermittent GPS service during the testing. FAA Advisories for GPS Testing CHLK GPS 11-06 Location: Porterville, CA. Source: FAA, “Flight Advisory GPS Testing CHLK GPS 11-06 January 16−23, 2011, Porterville, CA,” http://www faasafety.gov/files/notices/2011/Jan/Flight advisory porterville GPS.pdf, accessed January 24, 2011. Date: January 16 through January 23, 2011. Duration: This test has been completed. CSFTL GPS 11-01 Location: Brunswick, GA. Source: FAA, “Flight Advisory GPS Testing CSFTL GPS 11-01 January 20−...

AGG SCADA Viewer OPC Buffer Overflow Vulnerability

Overview ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has developed a patch to address this vulnerability. The researcher has also verified that the patch resolves the issue. Affected Products This vulnerability affects all OPC SCADA Viewer versions prior to Version 1.5.2 (Build 110). Impact A successful exploit of this vulnerability could lead to arbitrary code execution. The exact impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation. Background AGG Software is a North American company that produces data acquisition, data logging, and monitoring software for hardw...

Sielco Sistemi WinLog Stack Overflow

Overview Independent researcher Luigi Auriemma reported a stack overflow vulnerability in Version 2.07.00 of the Sielco Sistemi WinLog Lite and Winlog Pro HMI software. Sielco Sistemi has developed an update (Version 2.07.01) to address this vulnerability. The researcher has verified that the update is effective in correcting this vulnerability. Affected Products This vulnerability affects all versions of Sielco Sistemi’s WinLog Lite and WinLog Pro prior to Version 2.07.00. Impact Winlog is used in building automation, monitoring systems, and food production in 16 countries around the world. Sielco Sistemi is based in Italy. While a successful exploit of this vulnerability could lead to arbitrary code execution, the impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation. Background Winlog is a SC...