August 30, 2018

The NCCIC has updated this advisory with additional details on the nature of the vulnerabilities, risk evaluation, affected products, and mitigation measures. This advisory was initially published on May 22 and and last updated on May 24. NCCIC/ICS-CERT.

May 24, 2018

The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.

May 22, 2018

The NCCIC has released an advisory on missing authentication for critical function, resource exhaustion, and cross-site scripting vulnerabilities in Martem TELEM-GW6/GWM. For both GW6 and GWM, version 2018.04.18-linux_4-01-60cb47 and prior are affected. Successful exploitation of these vulnerabilities could allow execution of unauthorized industrial process control commands, denial of service, or client-side code execution. Martem has provided updated information within the “Security Considerations” section of its Configuration Manual and recommends a series of mitigating actions. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.