Yesterday the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an alert concerning two vulnerabilities that have been publicly reported for Advantech’s BroadWin WebAccess system. While ICS-CERT is not giving credit for the disclosure (they typically don’t for uncoordinated disclosures), SecurityFocus.com is providing a copy of the BugTraq notification from Luigi Auriemma that is almost certainly the ‘public disclosure’ mentioned by ICS-CERT.
The two ActiveX vulnerabilities, according to Luigi, allow for remote exploitation. The two vulnerabilities are:
• A format string vulnerability; and
• A memory corruption vulnerability.
ICS-CERT is coordinating with Advantech to evaluate these reported vulnerabilities.