Today the DHS ICS-CERT published an alert
for a public report of a vulnerability in the Cobham
Sailor 900 VSAT. The vulnerability was publicly disclosed without coordination
with either the vendor or ICS-CERT. ICS-CERT is trying to coordinate with
vendor to determine if the vulnerability actually exists and, if it does, what
the vendor will be doing about mitigating the vulnerability.
ICS-CERT reports that the vulnerability is a buffer
overflow vulnerability that would allow an attacker to remotely exploit the vulnerability
to execute arbitrary code. ICS-CERT notes that the vulnerability does not
appear to affect navigation.
It has been a while since we have seen an alert from
ICS-CERT, more researchers who publicly report vulnerabilities are now
coordinating their disclosures through one agency or another. ICS-CERT does not
typically identify the researcher or the location of the publication of the
uncoordinated disclosure.
This vulnerability is not in a system that most
people associate with ‘industrial control systems’ but it does show how wide
spread cyber vulnerabilities have become. It will be interesting to see what
downstream control systems could be affected by an exploit of this
vulnerability. There are lots of control systems on modern ships.
Is ICS-CERT the most logical agency to handle this
disclosure? Maybe not, but they would have more experience coordinating
disclosures than either the Coast Guard (maritime) or the FCC (sat com).
Posts
No comments:
Post a Comment