Thursday, June 4, 2015

ICS-CERT Publishes Wind Turbine Advisory

This afternoon the DHS ICS-CERT published an advisory describing a cross-site request forgery (CSRF) vulnerability in XZERES’s 442SR turbine generator operating system (OS). The vulnerability was originally reported by Maxim Rupp. XZERES has produced a patch to mitigate the vulnerability, but there is no indication that Rupp has been given the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could modify publicly available exploit code for other systems to remotely exploit this vulnerability to gain admin rights to the entire system.

No comments:

/* Use this with templates/template-twocol.html */