Information Security

Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip

Original release date: November 17, 2015

Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins for ColdFusion, LiveCycle […]

Apache Commons Collections Java Library Vulnerability

Original release date: November 13, 2015

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and […]

Google Releases Security Updates for Chrome and Chrome OS

Original release date: November 11, 2015

Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include: Chrome 46.0.2490.86 for Windows, Mac and Linux; Chrome 46.0.2490.82 for all OS devices. Users and […]

SDG Technologies Plug and Play SCADA XSS Vulnerability

NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by inserting malicious script in the HTML request to web servers. Source: US-CERT ICS […]

Rockwell Automation 1769-L18ER and A LOGIX5318ER Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-01 Rockwell Automation 1769-L18ER and Logix5318ER Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1769-L18ER/A LOGIX5318ER […]

Rockwell Automation 1766-L32 Series Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-02 Rockwell Automation 1766-L32 Series Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a remote file inclusion vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1766-L32BWAA/1766-L32BXBA web […]

KAKO HMI Hard-coded Password

NCCIC/ICS-CERT is aware of a public report of a hard-coded password vulnerability with proof-of-concept (PoC) exploit code affecting KAKO HMI products. According to this report, the password is easily found in the client code. This report was released before coordination could be completed with the vendor and ICS-CERT. ICS-CERT has notified the affected vendor of […]

Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities

NCCIC/ICS-CERT is aware of public reports of vulnerabilities with some proof-of-concept (PoC) exploit code affecting several of Schneider Electric’s Modicon M340 PLC Station P34 I/O modules. This is a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. ICS-CERT is issuing this alert to provide early notice of the reports and identify baseline mitigations for reducing […]

IC3 Issues Internet Crime Report for 2014

Original release date: May 22, 2015

The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details and refer to […]