Saturday, August 27, 2011

ICS-CERT Publishes Sunway Force Control Alert

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an alert about an overwrite vulnerability in the structured exception handler for the Sunway Force Control SCADA system. This vulnerability may allow for execution of arbitrary code.

Very little information is available with this alert, which is to be expected. ICS-CERT issues these alerts when public disclosure of a vulnerability takes place outside of the coordinated disclosure process. ICS-CERT does say that they are working with the Chinese based vendorto validate and mitigate the reported vulnerability.

No comments:

/* Use this with templates/template-twocol.html */