This afternoon the DHS ICS-CERT updated their
advisory for the Siemens vulnerability that they recently
noted may be involved in some of the BlackEnergy attacks. Siemens reported
two additional product variants for which there is now version that is
resistant to the exploit of this vulnerability. Neither Siemens nor ICS-CERT
have yet identified exactly what the vulnerabilities are; just what could
result from a successful exploit. Hopefully that will change when the last two
products are also protected.
I was a little surprised to see ICS-CERT get this update out
this afternoon; after all Siemens only published their version this morning. I
guess that now that ICS-CERT thinks that this might be involved in the
BlackEnergy series of attacks (that ICS-CERT is only really explaining in
classified briefings), they think that it may be important to get this
information out to owners of potentially
affected systems.
Posts
No comments:
Post a Comment