Yesterday the DHS ICS-CERT updated a control system security advisory for products from XZERES. The original advisory was published on December 8th, 2015 and then updated on December 10th, 2015. The new update describes new mitigation measures for the cross-site scripting vulnerability and adds the name of a new researcher, Tim Thurlings, to the advisory.
The new mitigation measures include:
• A new ‘Secure Gateway’ module to install between the internet and the Controller board;
• New notebooks for remote access that include a Secure Remote Connection system; and
• A work around that includes shutting down the port forwarding feature.