Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published three alerts for control system vulnerabilities identified by Luigi as he promised. As is usual in these Alerts ICS-CERT does not identify Luigi as the discoverer of these vulnerabilities. But, a quick check of his web site certainly shows where they were originally published. Unusual for Luigi, these have not yet been posted to Bugtraq.
Since these are just Alerts, and ICS-CERT has not yet really had a chance to verify these vulnerabilities or the effectiveness of the proof-of-concept (PoC) code, there is not much information available in these alerts. More information is available on the Luigi web site. Here is a quick summary of the information available from ICS-CERT with links to the alert and the Luigi disclosure.
Posts
1 comment:
I think the last link for ICS should point to http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-283-03.pdf
It currently ends in -02.pdf
Post a Comment