ICS-CERT Closes-out a Luigi Alert

Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an advisory that effectively closes out an earlier alert about a Luigi identified vulnerability on Open Automation Software’s OPC Systems.Net. It actually closes out two alerts, one of which is no longer publicly available, but you’ll have to go back and re-read an earlier blog post for that story.

The vulnerability would allow a malformed packet to be used by a moderately skilled attacker to remotely execute a denial of service attack. A CVE number has been assigned, but is not yet active. A software update is available that corrects this particular problem.