This afternoon the DHS ICS-CERT published an advisory
concerning an improper input validation vulnerability in the IOServer’s DNP3
driver reported by Adam Crain of Automatak and independent researcher Chris
Sistrunk in a coordinated disclosure.
ICS-CERT reports that a moderately skilled attacker could
craft a remote exploit for this vulnerability, resulting in a
denial of service. IOServer has provided an updated version of the
software (http://www.ioserver.com/beta2040.exe) which has been
confirmed by Crain and Sistrunk to correct the problem.
NOTE: I’m not sure that I would like clicking on an .EXE
file for a file on a different web site. Personally, I would prefer to click to
a page that provides some sort of explanation of what the changed software
would do before I would be comfortable clicking on the executable file.