Wednesday, September 21, 2011

Another Luigi Vulnerability Falls

Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an Advisory today on a stack overflow vulnerability in the AzeoTech DAQFactory SCADA/HMI Product. This is the third Luigi vulnerability identified earlier this month that has had follow-up action published by ICS-CERT. AzeoTech responded by publishing an updated version of the software .

The vulnerability would allow an attacker with minimal skills to execute a denial of service attack on the system by sending a specially crafted message to an undocumented port on the system. A more experienced attacker could probably execute arbitrary code.  Both types of attacks could be executed remotely.

No comments:

/* Use this with templates/template-twocol.html */