News

November-December 2017

All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) ...

Meltdown and Spectre Vulnerabilities

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 5.3
ATTENTION: Locally exploitable/low skill level to exploit.
Vendor: WECON Technology Co., Ltd. (WECON)
Equipment: LeviStudio HMI Editor
Vulnerabilities: Buffer Overflows
AFFECTED PRODUCTS: The following versions of LEVI Studio HMI Editor, an HMI programming software product, are affected: LEVI Studio HMI Editor v1.8.29 and prior.
IMPACT: Successful exploitation of these vulnerabilities may result in arbitrary code execution.
MITIGATION: WECON recommends that users update to the latest version, which can ...

Moxa MXview

CVSS v3 7.8
ATTENTION: Low skill level to exploit.
Vendor: Moxa
Equipment: MXview
Vulnerability: Unquoted Search Path or Element
AFFECTED PRODUCTS: The following versions of MXview, network management software, are affected: MXview v2.8 and prior.
IMPACT: Successful exploitation of this vulnerability could allow a local authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
MITIGATION: Moxa has produced new firmware Version 2.9 for ...

PHOENIX CONTACT FL SWITCH

CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: PHOENIX CONTACT
Equipment: FL SWITCH
Vulnerabilities: Improper Authorization, Information Exposure
AFFECTED PRODUCTS: All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected.
IMPACT: Successful exploitation of these vulnerabilities may allow an unauthenticated remote attacker to gain administrative privileges and expose information to unauthenticated users.
MITIGATION: PHOENIX CONTACT recommends that affected users upgrade ...

Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers

CVSS v3 8.6
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Allen-Bradley MicroLogix 1400 Controllers
Vulnerability: Buffer Overflow
AFFECTED PRODUCTS: The following versions of MicroLogix 1400 Controllers, a PLC, are affected: MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. Rockwell Automation reports that the following catalogs are affected: 1766-L32AWA, 1766-L32AWAA, 1766-L32BWA, 1766-L32BWAA, 1766-L32BXB, 1766-L32BXBA.
IMPACT: Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unresponsive ...

General Motors and Shanghai OnStar (SOS) iOS Client

CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: General Motors (GM), Shanghai OnStar (SOS)
Equipment: SOS iOS Client
Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication
REPOSTED INFORMATION: This advisory was originally posted to the NCCIC Portal on August 22, 2017, and is being released to the ICS-CERT web site.
AFFECTED PRODUCTS: The following version of Shanghai OnStar iOS Client, a vehicle management mobile ...

Delta Electronics Delta Industrial Automation Screen Editor

CVSS v3 5.5
ATTENTION: Low skill level to exploit.
Vendor: Delta Electronics, Incorporated (Delta Electronics)
Equipment: Delta Industrial Automation Screen Editor
Vulnerabilities: Stack-based Buffer Overflow, Use-after-Free, Out-of-bounds Write, Type Confusion
AFFECTED PRODUCTS: The following versions of Delta Industrial Automation Screen Editor, a graphical user interface (GUI), are affected: Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior.
IMPACT: Successful exploitation of these vulnerabilities may allow an attacker to remotely ...

Advantech WebAccess

CVSS v3 8.2
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Path Traversal, SQL Injection, Improper Input Validation
AFFECTED PRODUCTS: Advantech reports that the vulnerabilities affect the following WebAccess products: WebAccess versions prior to 8.3.
IMPACT: Successful exploitation of these vulnerabilities could cause the device to crash. An attacker may be able to further exploit this condition to remotely ...

Advantech WebAccess (Update A)

CVSS v3 8.2
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Path Traversal, SQL Injection, Improper Input Validation
UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site.
AFFECTED PRODUCTS: Advantech reports the vulnerabilities affect the following WebAccess products: WebAccess versions prior ...

10th SFG (A) Green Beret KIA in Afghanistan

NSCI Seminar: Status Report on High Performance Computing (HPC) in Asia

US leadership in High Performance Computing (HPC), unquestioned for decades, is now challenged, both in hardware and systems, and more recently in software. This talk provides a description of HPC developments in China, Japan, and (time permitting) India.  

NICE K-12 Cybersecurity Education Conference – Nashville, Tennessee

The NICE K-12 Cybersecurity Education Conference will feature timely and thought-provoking presentations that highlight effective collaborations, bold experiments and innovations, and other potentially game-changing methods in support of bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for two days of focused hands-on workshop and discussion in support of the NICE strategic goals.

NICE K-12 Cybersecurity Education Conference

NIST Releases 2016 Annual Report on NIST/ITL Cybersecurity Program

ITL's National Cybersecurity Center of Excellence Announces New Data Integrity Project

Need Help Securing Unclassified Government Info? NIST Has an Early Holiday Gift

ITL's Computer Security Division Released the Recommendation for the Triple Data Encryption Algorithm Block Cipher Report

A Path to Obtaining Cybersecurity Work Experience: Internships, Cooperative Education, and Apprenticeships

A Path to Obtaining Cybersecurity Work Experience: Internships, Cooperative Education, and Apprenticeships

PSCR Network Security Working Group Kickoff

NICE Webinar: A Path to Obtaining Cybersecurity Work Experience: Internships, Cooperative Education, and Apprenticeships

What Is the Computational Power of the Universe?

ITL's National Cybersecurity Center of Excellence Releases Securing Picture Archiving and Communication System

Kick Off to National Cybersecurity Career Awareness Week
