Wednesday, September 28, 2011

ICS-CERT Issues Alert on a New Luigi Vulnerability

This afternoon the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an alert for multiple vulnerabilities in the PcVue HMI-SCADA product. The vulnerabilities include:

• Control of a function pointer – DoS and possible remote code execution;
• Arbitrary memory write – Potential to write memory;
• Directory Traversal – Possible file corruption; and
• Array Overflow – DoS and possible remote code execution.

All of the vulnerabilities are reportedly remotely exploitable, and exploit code appears to be publicly available. ICS-CERT doesn’t say this in their Alert, but this is another Luigi uncoordinated disclosure on Bugtraq.
