Our friend Luigi is back in an ICS-Advisory with an
uncoordinated disclosure of multiple vulnerabilities in QNX products, and Jon
Christmas of Solera Networks has a coordinated disclosure for a vulnerability
in a Triangle Research PLC. In an interesting twist, Luigi confirms the
efficacy of the QNX patch while TRI self-validates their patch.
QNX
This advisory
covers multiple vulnerabilities reported by Luigi. Luigi’s report was
posted on his web site in May 2012, but it wasn’t picked up by ICS-CERT for an
alert at that time. It may have been that ICS-CERT wasn’t really looking at
vulnerabilities in embedded systems at that time. Or maybe they just weren’t
watching Luigi because of his new business. In either case (or some other that
I missed), QNX took action to address the following vulnerabilities:
• Stack-based buffer overflow, CVE-2013-2687; and
• Buffer copy overflow, CVE-2013-2688.
NOTE: The CVE links are not yet live; it will be a day or two.
ICS-CERT notes that a relatively unskilled attacker using
Luigi’s code could remotely exploit these vulnerabilities to execute a DoS
attack or execute arbitrary code.
Triangle Research
Jon reported an improper input validation vulnerability in
the Nano-10 PLC. ICS-CERT reports that this vulnerability could be remotely
exploited by a relatively low-skilled attacker if the firewall has port TCP/502
open. It could be used to execute a DoS attack.