Yesterday afternoon DHS ICS-CERT published a
single update for two of their previously issued advisories for the Tridium
Niagara Framework system (ICSA-12-228-01
and ICSA-13-045-01).
The update was issued because:
“Tridium has now issued a product update
that further enhances the security of the Niagara AX Framework as part of the
company’s normal product release process.”
Actually, according to the Tridium June
announcement, they have updated the builds of the three latest versions of
the NiagaraAX Framework to include “significant changes to the way
passwords are stored”. This potentially affects two of the vulnerabilities identified
in the 2012 advisory, but it does not seem to have any effect on the directory
traversal vulnerability reported in February.
It does seem odd that ICS-CERT has taken two months to
mention these security updates from Tridium, but fails to mention two Webinars
and two Tech Guides dealing with Niagara security measures that are also listed
on the same web page
referenced in this advisory update.