IN11-502: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre Information (CCIRC) Information Note IN11-502 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct document.

 

This note covers 6 important Vulnerabilities and also includes information on ICS-CERT and Stuxnet.

 

Downloadable PDF Data sheet for the Modbus TCP Enforcer - describes features and benefits for modbus security CCIRC IN11-502  (24 kb)  No distribution permitted – see details below.

 

The Vulnerabilities covered are:

1. Control Microsystems/SchneiderClearSCADA Vulnerabilities
2. IGSS ODBC Server Vulnerability
3. Advantech Studio NTWebServer Buffer Overflow Vulnerability
4. Wellintech Kingview 6.53 Remote Heap Overflow
5. Sielco Sistemi Winlog Vulnerability
6. OPC SCADA Viewer Vulnerability

 

The additional topics covered are:

ICS-CERT year in review, and Stuxnet origins back to June of 2009.

 

No distribution permitted

You are accessing this document because you are a bona fide ICS or SCADA security professional.  Do not redistribute this information or post it on the internet. 

 

If you know someone who would like this document, please send them the link:

http://www.tofinosecurity.com/user/register

to register for this website to obtain access. (You cannot go to this link right now because you are logged into this website.  The link works for people who are not logged in.)