Recently (last Friday and today) the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) updated two previously issued control system advisories. These updates covered the DLL Hijacking vulnerability in the Ecava IntegraXor system and the multiple denial of service (DOS) vulnerabilities in the 7-Tecnologies IGSS system.
The original vulnerability advisory was published on May 27th. There was apparently an update published the same day with a revised link for the patch provided by Ecava, but I cannot find anywhere on the ICS-CERT site where it was actually published. This second revision (‘B’ Version) corrects the impression left by earlier versions that this vulnerability could only be accessed locally. It also provides yet another link for the patch that is available to correct this vulnerability
7 Technologies IGSS
The original advisory was published on May 12th. This update reports that both ICS-CERT and Joel Langill (the researcher that identified the vulnerabilities) have validated the patches provided by 7 Technologies. It also updates the list of affected versions of the software. It also provides updated patch information since it is now apparent that each of the affected versions requires a slightly different patch.