Friday, March 30, 2012

Invensys Wonderware Advisory Published by ICS-CERT

This afternoon the DHS ICS-CERT published an advisory outlining two heap-based buffer overflow vulnerabilities discovered in the Invensys Wonderware System Platform. Celil Unuver, of  SignalSec Corporation reported the vulnerabilities in a coordinated disclosure.

The two separate heap-based overflow vulnerabilities would both be exploitable by a moderately skilled attacker using a social engineering attack. There is no known exploit code publicly available for these vulnerabilities. Invensys has developed a patch to mitigate the vulnerabilities and it has been verified by Celil Unuver.

No comments:

/* Use this with templates/template-twocol.html */