This afternoon the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an alert for multiple vulnerabilities in the PcVue HMI-SCADA product. The vulnerabilities include:
• Control of a function pointer – DoS and possible remote code execution;
• Arbitrary memory write – Potential to write memory;
• Directory Traversal – Possible file corruption; and
• Array Overflow – DoS and possible remote code execution.
All of the vulnerabilities are reportedly remotely exploitable, and exploit code appears to be publicly available. ICS-CERT doesn’t say this in its alert, but this is another uncoordinated disclosure by Luigi on Bugtraq.