Friday, June 15, 2012

ICS-CERT Publishes Sielco Sistemi Winlog Alert

Yesterday the DHS ICS-CERT published an alert concerning a buffer overflow vulnerability in the Sielco Sistemi Winlog HMI product. The uncoordinated disclosure was initiated by Michael Messner. Not much info at this point beyond the report that an a specially crafted request sent to a specific TCP could result in remote execution of arbitrary code. Seems like a pretty typical HMI vulnerability.

It is amazing that vulnerabilities like this are still being reported. This is such a common, basic vulnerability that one would like to think that vendors had gone back and checked for these. I kind of understand why a researcher might not want to waste time on a coordinated disclosure on such a basic vulnerability as this.

No comments:

/* Use this with templates/template-twocol.html */