Yesterday the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an advisory for the Invensys Wonderware Information Server that had previously been posted in restricted release on the US-CERT Portal. The advisory describes a stack-based buffer overflow vulnerability in two different ActiveX controls used by that product.
This vulnerability is remotely exploitable by an attacker with moderate skills. Exploitation requires a user to open a malicious file or website, so a social engineering attack is required. A successful attack could allow remote code execution on the affected system.
Invensys has developed a patch for this vulnerability.