The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.
The DHS’s ICS-CERT issued an advisory on Wednesday warning that exploit code was circulating on the internet for security holes affecting the Italian vendor Sinapsi’s eSolar Light Photovoltaic System Monitor.
The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges and so on.
ICS-CERT said in its advisory that the vulnerabilities, if successfully exploited, could allow attackers to remotely connect to the management server, “executing remote code, possibly affecting the availability and integrity of the device.”
General information pulled from the blog on Naked Security:
- Hackers pwn the sun – Exploit code released for software used to manage solar energy plants (nakedsecurity.sophos.com)
A little over a month after the release of Firefox 14, version 15 was released yesterday, fixing about 2,200 bugs. In addition, 16 critical security vulnerabilities have been addressed. The usual memory management tweaks were also made to make the user experience smoother and more responsive. It continues to use the hidden update feature, which applies updates silently and afterward prompts you to restart Firefox to finish updating. This version is strongly recommended, and you should update now to protect against security threats and exploits.
You can update now at: https://www.mozilla.com
- Firefox 15 released: Seven critical vulnerabilities patched and stealthy updates too! (nakedsecurity.sophos.com)
- Debunking A Misconception About Firefox Releases (mozilla.org)
Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.
The privilege escalation vulnerability fixed in the new 304.32 version of the Nvidia Unix driver was publicly disclosed last Wednesday by Dave Airlie, a principal engineer in the graphics team at Linux vendor Red Hat.
The public disclosure was made at the request of the anonymous researcher who originally discovered the flaw, after Nvidia failed to respond to a private report about the vulnerability, Airlie said in an email sent to the Full Disclosure mailing list.
Airlie’s message also included proof-of-concept exploit code created by the anonymous researcher to demonstrate the vulnerability.
- Nvidia releases new Unix driver to fix high-risk privilege escalation vulnerability (techworld.com.au)
- Nvidia releases Unix driver to fix high-risk vulnerability (infoworld.com)
- NVIDIA closes hole in proprietary Unix driver (h-online.com)
- Nvidia releases new Unix driver to fix high-risk privilege escalation vulnerability (pcadvisor.co.uk)
- NVIDIA Driver Bug Grants Arbitrary Root Access to Local Users (hotforsecurity.com)
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities:
- Firefox 14
- Firefox ESR 10.0.6
- Thunderbird 14
- Thunderbird ESR 10.0.6
- SeaMonkey 2.11
These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, operate with elevated privileges, bypass security restrictions, or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 14, Firefox ESR 10.0.6, Thunderbird 14, Thunderbird ESR 10.0.6, and SeaMonkey 2.11 and apply any necessary updates to help mitigate the risk.