ICSA-19-059-01  ·  Published 2019-02-28

PSI GridConnect Telecontrol

CVSS 8.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks.

CVEs (1)

Remediations

  • PSI recommends users of affected devices update their devices to a version where this vulnerability is patched.
  • To obtain the update, contact PSI GridConnect via email at: [email protected]. A fix for the vulnerability is available in the following software releases: 5.1.20; 6.0.17; IEC104 Security Proxy Version 2.2.11. The following software releases are no longer supported: 4.2.x and 5.0.x.
  • PSI recommends deactivating the webserver via CLI since the web interface is not essential to the configuration of the device.

Affected Vendors

PSI GridConnect GmbH (formerly PSI Nentec GmbH)

Affected Products (5)

PSI GridConnect GmbH (formerly PSI Nentec GmbH) · Smart Telecontrol Unit TCG <= 5.0.27 | <= 5.1.19 | <= 6.0.16
PSI GridConnect GmbH (formerly PSI Nentec GmbH) · IEC104 Security Proxy <= 2.2.10
PSI GridConnect GmbH (formerly PSI Nentec GmbH) · Telecontrol Gateway VM <= 4.2.21 | <= 5.0.27 | <= 5.1.19 | <= 6.0.16
PSI GridConnect GmbH (formerly PSI Nentec GmbH) · Telecontrol Gateway 3G <= 4.2.21 | <= 5.0.27 | <= 5.1.19 | <= 6.0.16
PSI GridConnect GmbH (formerly PSI Nentec GmbH) · Telecontrol Gateway XS-MU <= 4.2.21 | <= 5.0.27 | <= 5.1.19 | <= 6.0.16

Affected Sectors

Energy
