Alertas de Seguridad

A pesar de los estrictos métodos y las precauciones empleadas al diseñar, desarrollar y empaquetar nuestros productos, pueden producirse vulnerabilidades de seguridad.
Esta página enumera todas las alertas de seguridad conocidas sobre productos diseñados por ARC Informatique. Visítelo con frecuencia para obtener información actualizada.

La vulnerabilidad de la seguridad es un asunto que nos tomamos muy en serio, por ello nuestra política y práctica es tratar este tema con prontitud y ayudarlo a proteger sus sistemas.
Los boletines de seguridad están disponibles para nuestros clientes para describir las vulnerabilidades y brindar orientación en el esfuerzo de mitigación.

Alert Id Status Last  update Description
Product Security bulletin
2022-6 Completed Sep 19th 2022 An Insertion of Sensitive Information in Log File vulnerability affects the DbConnect configuration. PcVue 15 SB2022-6
2022-5 In progress Sep 19th 2022 A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface.
CVE-2022-38138
IEC 61850 : PcVue 10.0 onward
ICCP/TASE.2 : PcVue 15.1
SB2022-5
2022-4 Completed Sep 19th 2022

A vulnerability affects the configuration of the OAuth web service.

CVE-2022-2569

PcVue 12

PcVue 15

SB2022-4
2022-3 Completed Jan 7th 2022

During the Miami Pwn2Own contest the Zero Days Initiative (ZDI) reported multiple vulnerabilities.
CVE-2022-29862 – Chained Certificate Loop PoD
CVE-2022-29864 – Reference Counter Decrement DoS
Fixed in UaGateway version 1.5.10

UaGateway versions prior to 1.5.10 Refer to Unified Automation Security Bulletins for more details.
2022-2 Completed Jul 5th 2022 CVE-2021-45117 – OPC Foundation, autogenerated ANSI C Stack Stubs
CVE-2022-0778 – OpenSSL library
Fixed in UaGateway version 1.5.9
UaGateway versions prior to 1.5.9 Refer to Unified Automation Security Bulletins for more details.
2022-1 Completed Feb 28th 2022 Ocean Data Systems Dream Report privilege escalation vulnerabilities.
Dream Report 5 : CVE-2020-13532, CVE-2020-13533, CVE-2020-13534
Dream Report 2020 : CVE-2021-21957
Fixed in Dream Report 2020 R2 SP1
Dream Report  
2021-1 Completed Dec 16th 2021 Timeline and concerns related to the Apache Log4j vulnerability
CVE-2021-44228, CVE-2021-45046
  SB2021-1
2020-1 Completed Aug 2nd 2021

3 vulnerabilities affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS

CVE-2020-26867, CVE-2020-26868, CVE-2020-26869

PcVue 8.10 and later SB2020-1
2018-1 Completed Jan 22nd 2018 ICS-ALERT-18-011-01B: Timeline and concerns related to the Microsoft Windows updates designed to mitigate the Meltdown & Spectre  vulnerabilities PcVue,
FrontVue,
PlantVue,
Partner products
SB2018-1
2012-2 Completed Aug 30th 2012

ICSA-12-024-01: Ocean Data Systems Dream Reports XSS and write access violation vunlerabilities.

CVE-2011-4038, CVE-2011-4039

Dream Report versions prior to 4.0 -
2012-1 Completed Nov 21st 2014 ActiveBar, a 3rd party component used in our products is subject to an alert.
More information is available at Microsoft KB2562937
Microsoft released a Windows security update addressing this issue in August 2011.
PcVue 6.0 and later,
FrontVue - All versions,
PlantVue - All versions
SB2012-1
2011-1 Completed Nov 21st 2014

ICS-ALERT-11-271-01: PcVue HMI/SCADA multiple ActiveX Vulnerabilities

CVE-2011-4042, CVE-2011-4043, CVE-2011-4044, CVE-2011-4045

PcVue 6.0 and later,
FrontVue - All versions,
PlantVue - All versions
SB2011-1

¿Desea informar sobre una vulnerabilidad o proporcionar comentarios? Envíenos un correo electrónico a secure@arcinfo.com