Today the DHS ICS-CERT published an advisory
for a DLL hijack vulnerability in Rockwell Automation’s FactoryTalk View Studio
product. The vulnerability was reported by Ivan Sanchez of NullCode &
Evilcode Team. Rockwell has produced a patch that mitigates the vulnerability
but there is no indication that Sanchez was provided an opportunity to verify
the efficacy of the patch.
ICS-CERT reports that a social engineering attack would be
necessary to exploit this vulnerability.
Apparently ICS-CERT is changing the way they describe the
remote exploit possibility of a vulnerability. Instead of saying that the
vulnerability is ‘not remotely exploitable’ as we have seen in some DLL-related
advisories in the recent past, they now say: “These vulnerabilities are not
exploitable remotely without user interaction.” This seems to me to be a
concise and accurate description of the situation.
Note: It looks like this may be the advisory that I
reported as being posted on the US-CERT Secure portal recently. The
advisory notes that it was posted to the portal on March 3rd.