Yesterday the DHS ICS-CERT published an
update for a Siemens advisory, a new advisory for an Advantech
product line, and an alert for a Microsoft vulnerability.
Siemens Update
This update
is for a WinCC advisory that was originally
published last November. This update provides notification that
the last affected system (WinCC 7.0 SP 3) now has an update available
to mitigate the vulnerability. Siemens published
their update last week.
Advantech Advisory
This advisory
describes a buffer overflow vulnerability in the Advantech EKI-1200
MODBUS Gateway product line. The vulnerability was originally
reported by Enrique Nissim and Pablo Lorenzzato of the Core Security
Engineering Team in a coordinated disclosure. ICS-CERT reports that
Advantech has a patch that mitigates the vulnerability but there is
no indication that the researchers have validated that fix.
ICS-CERT reports that a relatively
unskilled attacker could remotely exploit this vulnerability to
execute arbitrary code.
Microsoft Alert
This alert
describes a critical security update for the Microsoft Windows
operating systems. The JASBUG
vulnerability was first reported by four different researchers,
including Jeff Schmidt at Global Advisors. Microsoft has produced
an update that mitigates the vulnerability, but there is no
indication that the researchers have been given the opportunity to
verify the efficacy of the update.
ICS-CERT reports that an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
ICS-CERT notes that applying the
update alone does not fix the vulnerability. The system
administrator must take additional actions before the
fix actually mitigates the vulnerability.