Yesterday DHS ICS-CERT published an alert for the Sielco
Sistemi WinLog Lite SCADA product. The alert was based upon an uncoordinated
disclosure (with proof of concept code) from FaryadR (a.k.a. Ciph3r) for a
structured exception handler vulnerability.

NOTE: ICS-CERT provided the link to
the FaryadR disclosure in their alert; I wish they would get consistent with
their acknowledgement of the source of disclosures. I strongly vote for their
continuing to provide links to the actual disclosures.

According to the alert this vulnerability would allow an
attacker with physical access to the system to execute arbitrary code. The
WinLog Lite product is mainly a demo product for sales purposes, but it can be
used to write small (limit of 24 tags) SCADA applications, so this is a real
vulnerability but not an earth-shaking, critical-infrastructure vulnerability.

The exploit code does seem to be a little on the complex
side for such a minor system. I’m wondering if FaryadR is working on a similar
exploit of the WinLog Pro product. That would make this disclosure a friendly
warning.