On Saturday I noted that ICS-CERT had issued nearly identical alerts for two different products from 7-Technologies. I reported a variety of similarities including a common CVE number. I should have known that was a mistake and if I had called them about it, I could have claimed ‘forcing a correction’ on ICS-CERT when they updated the 7T TERMIS alert today. The only thing that it changed was the CVE number for the vulnerability. Now the two separate programs, while have nearly identical vulnerabilities will have unique CVE numbers for them.
Experts compete to find Ukraine grid hack 'smoking gun'
11 months ago