Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a...
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing...
Siemens NX is affected by missing data validation vulnerability that could allow an attacker with local access on a compromised system to interfere with internal data during the PDF export process...
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to exploit user accounts, manipulate data, impersonate users, or achieve arbitrary code...
The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to...
Siemens ET 200 devices contain a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive...
A vulnerability was identified in the Automation License Manager software before V5.2 that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This...
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and...
Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to...
SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SINEC OS before V3.2 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SINEC OS before V3.1 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
This research is intended to find out which approaches to cybersecurity governance on the national level are currently in place around the world (especially in the sphere of protecting critical...
Kaspersky Lab ICS-CERT is launching a series of articles devoted to vulnerability analysis across the world. The articles aim to highlight patch management problems in the ICS world. Each article...
In October 2016, Kaspersky Lab ICS CERT detected a targeted attack aimed at industrial organizations. The worst affected were companies in the smelting, electric power generation and transmission,...
The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape...
The “WannaCry” outbreak has being reported on May 12 2017 by many independent sources all over the World. Based on KL ICS CERT live reports we decided to warn industrial organizations that they...
This article is devoted to vulnerabilities in General Electric products. The article looks only at known vulnerabilities, a list of which was prepared based using the MITRE CVE database. All the...
During the period from 12 to 15 May 2017, numerous companies across the globe were attacked by a network cryptoworm called WannaCry. The worm’s victims include various manufacturing companies, oil...
According to our telemetry, we see evidence that many industrial companies are being attacked by ExPetr (Petya) malware. While there were examples of actual industrial control systems being...
Language pack (ZIP file) with invalid HTML files lead to NULL pointer access. Remote attacker can create language pack file on their own with invalid HTML file. The vulnerability cause denial of...
IBM X-Force has published a report on cyber security risks in the energy and utilities sector.
The MITRE Corporation has recognized Kaspersky Lab as an authority in the area of vulnerabilities, granting the company the CVE Numbering Authority (CNA) status.
On 18 September 2017, Piriform, a software company, announced that its CCleaner utility, which is designed to optimize the operation of Windows, had been hacked.
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for...
Stack overflow in custom XML-parser in Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service
Kaspersky Lab has released the results of Kaspersky Industrial CTF 2017 qualifications, which were held online on October 6-8, 2017. This year’s tournament is truly international, with 696 teams...
On October 16, information on critical vulnerabilities in the WPA2 protocol, which enable attackers to bypass protection and listen to Wi-Fi traffic, was disclosed. Comments from Kaspersky Lab ICS...
US-CERT has published a report on a targeted (APT) attack on government entities and organizations in energy, nuclear, aviation and other sectors. The attackers were interested in documents on...
The finals of Kaspersky Industrial CTF 2017, an industrial cybersecurity contest, were held in Shanghai. This was the third CTF (Capture the Flag) tournament organized by Kaspersky Lab and the...