This afternoon the DHS ICS-CERT published an advisory concerning an improper input validation vulnerability in the IOServer’s DNP3 driver reported by Adam Crain of Automatak and independent researcher Chris Sistrunk in a coordinated disclosure.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to cause a denial of service. IOServer has provided an updated version of the software (http://www.ioserver.com/beta2040.exe), which Crain and Sistrunk have confirmed corrects the problem.
NOTE: I’m not sure that I would like clicking on an .EXE file for a file on a different web site. Personally, I would prefer to click to a page that provides some sort of explanation of what the changed software would do before I would be comfortable clicking on the executable file.