Monday, June 10, 2013

ICS-CERT Publishes IOServer Advisory

This afternoon the DHS ICS-CERT published an advisory concerning an improper input validation vulnerability in the IOServer’s DNP3 driver reported by Adam Crain of Automatak and independent research Chris Sistrunk in a coordinated disclosure.

ICS-CERT reports that a moderately skilled attacker could craft a remotely exploitable attack using this vulnerability resulting in a denial of service attack. IOServer has provided an updated version of the software (http://www.ioserver.com/beta2040.exe) which has been confirmed by Crain and Sistrunk to correct the problem.


NOTE: I’m not sure that I would like clicking on an .EXE file for a file on a different web site. Personally, I would prefer to click to a page that provides some sort of explanation of what the changed software would do before I would be comfortable clicking on the executable file.

No comments:

 
/* Use this with templates/template-twocol.html */