Timely information on ICS and SCADA security issues is available via Byres Security Inc.'s Canadian Cyber Incident Response Centre Information (CCIRC) information notes on Cyber Threats and Vulnerabilities Against SCADA Systems. The information is posted on tofinosecurity.com, part of Byres Security.
Published by the Government of Canada, the CCIRC notes are summaries of the numerous CERT, Bug-trak, and CVE security bulletins, condensing hundreds of pages of information down to three or four pages.
This month’s note, IN10-502, includes the following:
Vulnerabilities:
1. Modbus/TCP OPC Server Vulnerability (Nov. 18)
2. Realflex Technologies Ltd. Realwin SCADA Vulnerability (Nov. 9)
3. VTScada Internet Server Access Privileges Exploitation (Oct. 26)
4. MOXA Device Manager Buffer Overflow Vulnerability (Oct. 20)
5. BACnet OPC Client Buffer Overflow Vulnerability (Sept. 21)
In order to access this information, you need to become a member of tofinosecurity.com. Visit the tofinosecurity.com registration page.
(New member registrations are processed within two business days. If your request is extremely urgent, please call (250) 984-4105 or e-mail [email protected].)