This afternoon the DHS ICS-CERT published an advisory
for a stack-based buffer overflow in the Schneider Electric VAMPSET software.
The vulnerability was reported by Ricardo Narvaja and Joaquín Rodríguez of Core
Security. Schneider reports
(.PDF download) that a new version has been made available that does not have
the vulnerability. There is no indication that the researchers have been given
the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a social engineering attack would be
required to exploit this vulnerability. A successful exploit could result in
the execution of arbitrary code.