Today the DHS ICS-CERT published a control system security
advisory for a product from Schneider Electric and updated another for a product
from GE.
Schneider Advisory
This advisory
describes a credentials management vulnerability in the Schneider Electric Wonderware
Historian. The vulnerability was reported by Ruslan Habalov and Jan Bee of the
Google ISA Assessments Team. Schneider has provided workaround instructions to
mitigate the vulnerability. There is no indication that the researchers have
been provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerability to compromise Historian databases.
GE Update
This update provides
additional information on the security advisory covering the GE Proficy
Human-Machine Interface/Supervisory Control and Data Acquisition (HMI/SCADA)
iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian software. That
advisory was originally
published on January 17th, 2017. The update provides a link to
the GE Product Security Advisory for the vulnerability. That GE document provides
workaround data that can be used if upgrading is not a timely or workable
alternative.