This afternoon the DHS ICS-CERT published an advisory
for a code injection vulnerability in Network Vision’s IntraVue software. The
vulnerability was reported by Jürgen Bilberger from Daimler TSS GmbH. Network
Vision has developed a new version which mitigates the vulnerability, though
there is no indication that Bilberger has had a chance to validate the efficacy
of the fix.

ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to execute arbitrary code on the IntraVue
system. Since this is an industrial Ethernet visualization and control development
tool, this vulnerability could conceivably give an attacker virtual network
control.