Thursday, September 1, 2011

DHS ICS-CERT Updates Sunway Force Control Alert

Last week the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published a limited information alert about an overwrite vulnerability in the structured exception handler for the Sunway Force Control SCADA system. Yesterday they published an updated version of that alert that provides more information on the vulnerability. Probably the most important item of information is that the alert is based upon the public availability of exploit code for the vulnerability.

Interestingly, ICS-CERT now thinks that the exploit is “likely targeting a previously disclosed and patched vulnerability”. There are patches and mitigation measures available for that vulnerability, so this alert recommends that they be implemented (should have already been implemented?) as a preliminary response to this exploit. More information, including perhaps a confirmation of this being the same vulnerability, will follow.

I briefly wrote about the earlier advisory back in June and noted that the newsworthy aspect of that advisory was that the vulnerability had been reported by Dillon Beresford of Siemens vulnerability notoriety. ICS-CERT is careful to note in this advisory that it is someone else (currently unidentified) who published the exploit code, not Dillon.
