Thursday, August 25, 2011

ICS-CERT ClearSCADA Advisory

Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) publicly published an advisory for Control Mircrosystems’ ClearSCADA platform. The advisory was originally published in limited distribution on the US-CERT portal in June. The vulnerability identified by Jeremy Brown would allow an unauthorized remote user access to system diagnostic information.

Control Microsystems has corrected the problem in ClearSCADA server 2010 R1.1 and newer versions. Patches will not be made available for older versions. They also recommend disabling logons on non-secure ports in the server configuration window. That would make it seem that the default settings specifically allow for logging onto the system via unsecure ports; that doesn’t seem right.

No comments:

/* Use this with templates/template-twocol.html */