ICS-CERT Alert on Another Luigi Vulnerability

Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published yet another alert on multiple (two) vulnerabilities reported by Luigi. This time the affected system is the Rockwell Automation FactoryTalk SCADA/HMI. Luigi reported a malformed packet vulnerability and a read access violation vulnerability. Either would allow a remote exploit that could result in a DOS attack. As always, Luigi has provided sample exploit code on his web site.