Today the DHS ICS-CERT published an advisory for i-GEN Solutions’ opLYNX Central application. The advisory is based upon an authentication bypass vulnerability reported in a coordinated disclosure by Anthony Cicalla.
Following an apparently common recent trend, i-GEN Solutions automatically installs the new version during logon and automatically applies it to the local system. It is nice to know that vendors have so thoroughly tested the revised version of the software that they know that it will properly work in all implementations of the system.
Interesting question: If i-GEN Solutions can change the base program remotely, apparently without notification or permission, could an attacker infiltrate their enterprise system and do a mass change that would corrupt all user systems?