Wednesday, July 27, 2011

ICS-CERT Issues Wonderware Advisory

Yesterday the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an advisory for the Invensys Wonderware Information Server that had previously been posted in restricted release on the US-CERT Portal. The advisory describes a stack-based buffer overflow vulnerability in two different ActiveX controls used by that product.

This vulnerability is remotely exploitable by an attacker with moderate skills. Exploitation does require a user to open a malicious file or website, so a social engineering attack is required. A successful attack could allow remote code execution on the affected system.

Invensys has developed a patch for this vulnerability.
