ICSA-10-316-01A  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

Intellicom NetBiter WebSCADA Vulnerabilities

CVSS 10.0 CRITICAL

Remediations

  • The default user in NetBiter products has superadmin privileges. Therefore, it is strongly recommended that users change the default password immediately when commissioning the product. In addition, users are advised to provide only the necessary privileges to non-administrator users of the product (least privileges mode of operation).
  • IntelliCom recommends that users of the WS100/WS200 products apply the patch “ISFR-4404-0010.npb”, available from http://support.intellicom.se (see IntelliCom Security Bulletin ISFR-4404-0010).
  • Other recommendations include:
      • Place all control systems assets behind firewalls and isolate them from the business network and the Internet.
      • Deploy secure remote access methods such as virtual private networks (VPNs) for remote access.
      • Remove, disable, or rename any default system accounts (where possible).
      • Implement account lockout policies to reduce the risk from brute-force attempts.
      • Implement policies requiring the use of strong passwords (http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf).
      • Monitor the creation of administrator-level accounts by third-party vendors.

Affected Vendors

Intellicom

Affected Products (5)

Intellicom · WebSCADA (WS100) vers:all/*
Intellicom · WebSCADA (WS200) vers:all/*
Intellicom · Easy Connect (EC150) vers:all/*
Intellicom · Modbus RTU – TCP Gateway (MB100) vers:all/*
Intellicom · Serial Ethernet Server (SS100) vers:all/*
