This morning DHS ICS-CERT issued two new alerts for vulnerabilities related to control systems produced by two different companies. The first vulnerability has been reported in Intellicom’s Netbiter® WebSCADA product while the second vulnerability has been reported in the Moxa Device Manager. No patch is yet available for either vulnerability though Intellicom recommends that their users “change the default password when installing the product” (always great advice).
The Netbiter vulnerability was first reported on SecList.org back on October 1st. ICS-CERT reports that they are working with Intellicom “to address these vulnerabilities”.
The Moxa vulnerability, with exploit, was published yesterday in great detail on ReverseMode.com. This may explain why ICS-CERT has taken the unusual step of posting their alert before they have been able to contact someone from Moxa.