Tuesday, November 4, 2014

ICS-CERT Publishes ABB Robot Advisory

This afternoon the DHS ICS-CERT published an advisory for a dll hijack vulnerability in the ABB RobotStudio and Test Signal Viewer applications. This vulnerability was reported by Ivan Sanchez of WiseSecurity Team in a coordinated disclosure. ABB has produced new versions of the affected applications and ICS-CERT reports that Sanchez has validated the efficacy of the fix.

ICS-CERT reports that a moderately skilled attacker with local access could exploit this vulnerability to execute arbitrary code.

ABB reports (in separate advisories for RobotStudio and Test Signal Viewer; both .PDF files) that the vulnerability is in a third-party component of the applications. The question this raises is what third-party component and who else uses the same component with the same vulnerability.

No comments:

/* Use this with templates/template-twocol.html */