Thursday, June 3, 2010
Today the DHS-CERT Control Systems Security Program web page contains a link to a new ICS-CERT Advisory. According to the CSSP web page: “The ICS-CERT released advisory "ICSA-10-147-01 _ Cisco Network Building Mediator" detailing multiple vulnerabilities in Cisco’s Network Building Mediator’s Products. These vulnerabilities involve default credentials, privilege escalation, unauthorized information interception, and unauthorized information access that could result in an attacker taking complete control over an affected device.” If your facility uses the Cisco Network Building Mediator or its predecessor Richards-Zeta Mediator products, you need to read the advisory and take the indicated actions as soon as possible. These vulnerabilities may allow outsiders to gain unauthorized access to or control of this industrial control system.