Thursday, February 26, 2015

ICS-CERT Publishes IntraVue Advisory

This afternoon the DHS ICS-CERT published an advisory for a code injection vulnerability in Network Vision’s IntraVue software. The vulnerability was reported by Jürgen Bilberger from Daimler TSS Gmbh.. Network Vision has developed a new version which mitigates the vulnerability, though there is no indication that Bilberger has had a chance to validate the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to execute arbitrary code on the IntraVue system. Since this is an industrial Ethernet visualization and control development tool this vulnerability could conceivably give an attacker virtual network control.

No comments:

/* Use this with templates/template-twocol.html */