Tuesday, October 1, 2013

Two ICS Vulnerabilities that ICS-CERT Missed

Thanks to a Tweet® from Red Team SCADA, I looked at the Open Source Vulnerability Database this morning and noticed that in the last two weeks there were two ICS vulnerabilities listed that have not yet been reported by ICS-CERT. Those are:

• A Triangle Research Nano-10 PLC vulnerability; and
• An Invensys Wonderware InTouch vulnerability

Both of these are listed as coordinated vulnerabilities with mitigation measures available from the vendors.

I don’t suppose that we will hear anything now until the shutdown is lifted. It does beg the question: do we need ICS-CERT’s reporting?

