Saturday, September 3, 2011

ICS-CERT Publishes BroadWin WebAccess Alert

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an alert concerning two vulnerabilities that have been publicly reported for Advantech’s BroadWin WebAccess system. While ICS-CERT is not giving credit for the disclosure (they typically don’t for uncoordinated disclosures), a copy of the BugTraq notification from Luigi Auriemma is available that is almost certainly the ‘public disclosure’ mentioned by ICS-CERT.

The two ActiveX vulnerabilities, according to Luigi, allow for remote exploitation. The two vulnerabilities are:

• A format string vulnerability; and

• A memory corruption vulnerability.

ICS-CERT is coordinating with Advantech to evaluate these reported vulnerabilities.

