This afternoon the DHS ICS-CERT published an advisory
for a dll hijack vulnerability in the ABB RobotStudio and Test Signal Viewer
applications. This vulnerability was reported by Ivan Sanchez of WiseSecurity
Team in a coordinated disclosure. ABB has produced new versions of the affected
applications and ICS-CERT reports that Sanchez has validated the efficacy of
the fix.
ICS-CERT reports that a moderately skilled attacker with
local access could exploit this vulnerability to execute arbitrary code.
ABB reports (in separate advisories for RobotStudio
and Test
Signal Viewer; both .PDF files) that the vulnerability is in a third-party
component of the applications. The question this raises is what third-party
component and who else uses the same component with the same vulnerability.
Posts
No comments:
Post a Comment