Yesterday the DHS ICS-CERT
published an alert concerning a buffer
overflow vulnerability in the Sielco Sistemi Winlog HMI product. The uncoordinated
disclosure was initiated by Michael Messner. Not much info at this point beyond
the report that a specially crafted request sent to a specific TCP port could
result in remote execution of arbitrary code. Seems like a pretty typical HMI
vulnerability.

It is amazing that vulnerabilities like this are still being
reported. This is such a common, basic vulnerability that one would like to
think that vendors had gone back and checked for these. I kind of understand
why a researcher might not want to waste time on a coordinated disclosure on
such a basic vulnerability as this.