ZLAN Information Technology Co. ZLAN5143D
View CSAF Summary Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password. The following versions of ZLAN Information Technology Co. ZLAN5143D are affected: ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789) CVSS Vendo…
AVEVA PI to CONNECT Agent
View CSAF Summary Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent <=v2.4.2520 (CVE-2026-1495) CVSS Vendor Equipment Vulnerabilities v3 6.5 AVEVA AVEVA…
SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability
Overview This advisory is a follow-up to ICS-ALERT-10-260-01 SCADA Engine BACnet OPC Client Buffer Overflow, which was published on the ICS-CERT Web site on September 17, 2010. A buffer overflow vulnerability has been reportedSecunia Advisory SA41466, http://secunia.com/advisories/41466/, website…
Stuxnet Malware Mitigation (Update B)
Overview In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities an…
Vendor Admin Accounts Warning
Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on th…
USB Malware Targeting Siemens Control Software (Update C)
Overview VirusBlokAda, an antivirus vendor based in Belarus, announcedVirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010. the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this…
Cisco Network Building Mediator
Overview Cisco has identified multiple security vulnerabilitiesCisco, http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml, website last visited May 27, 2010. in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richar…
Wind River VxWorks Vulnerabilities
Overview A security researcher has identified two vulnerabilities affecting the Wind River Systems’ VxWorks platform. The vulnerabilities are a debug service enabled by default (VU#362332) and a weak hashing algorithm used in authentication (VU#840249). ICS-CERT has been coordinating with CERT/CC…
Rockwell Automation RSLinx Classic EDS Vulnerability (Update A)
OVERVIEW A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required. AFFECTED PRODUCTS EDS Hardware Installation Tool Version 1.0.5…
ABB NETCADOPS HELP SYSTEM VULNERABILITY
Overview A cross-site scriptinghttp://www.owasp.org/index.php/Cross-siteScripting(XSS) vulnerability exists in the system used by the ABB Electrical Distribution Management System (DMS) product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB…