Apache Commons Collections Java Library Vulnerability

Original release date: November 13, 2015

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and […]

Google Releases Security Updates for Chrome and Chrome OS

Original release date: November 11, 2015

Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include:

Chrome 46.0.2490.86 for Windows, Mac and Linux
Chrome 46.0.2490.82 for all OS devices

Users and […]

Information Security

SDG Technologies Plug and Play SCADA XSS Vulnerability

NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by inserting malicious script in the HTML request to web servers.

Source: US-CERT ICS

Rockwell Automation 1769-L18ER and A LOGIX5318ER Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-01 Rockwell Automation 1769-L18ER and Logix5318ER Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1769-L18ER/A LOGIX5318ER […]

Rockwell Automation 1766-L32 Series Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-02 Rockwell Automation 1766-L32 Series Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a remote file inclusion vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1766-L32BWAA/1766-L32BXBA web […]

KAKO HMI Hard-coded Password

NCCIC/ICS-CERT is aware of a public report of a hard-coded password vulnerability with proof-of-concept (PoC) exploit code affecting KAKO HMI products. According to this report, the password is easily found in the client code. This report was released before coordination could be completed with the vendor and ICS-CERT. ICS-CERT has notified the affected vendor of […]

Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities

NCCIC/ICS-CERT is aware of public reports of vulnerabilities with some proof-of-concept (PoC) exploit code affecting several of Schneider Electric’s Modicon M340 PLC Station P34 I/O modules. This is a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. ICS-CERT is issuing this alert to provide early notice of the reports and identify baseline mitigations for reducing […]

IC3 Issues Internet Crime Report for 2014

Original release date: May 22, 2015

The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details and refer to […]

Google Releases Security Update for Chrome

Original release date: May 19, 2015

Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary […]