[CERT-daily] Daily summary - Wednesday 4-12-2013

Daily end-of-shift report team at cert.at
Wed Dec 4 18:40:04 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 03-12-2013 18:00 − Wednesday 04-12-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** Mitigating attacks on Industrial Control Systems (ICS); the new Guide from EU Agency ENISA ***
---------------------------------------------
The EU's cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations...
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/mitigating-attacks-on-industrial-control-systems-the-new-guide-from-enisa




*** Elecsys Director Gateway Improper Input Validation Vulnerability ***
---------------------------------------------
Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-337-01




*** Ruby on Rails Multiple Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Generate Unsafe Queries ***
---------------------------------------------
http://www.securitytracker.com/id/1029420




*** Cisco ONS 15454 Controller Cards Can Be Reset By Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029421




*** D-Link DIR Series Routers __show_info.php information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89343

