Thursday, April 2, 2015

ICS-CERT Publishes a Schneider Electric Advisory

This afternoon the DHS ICS-CERT published an advisory for a stack-based buffer overflow in the Schneider Electric VAMPSET software. The vulnerability was reported by Ricardo Narvaja and Joaquín Rodríguez of Core Security. Schneider reports (.PDF download) that a new version has been made available that does not have the vulnerability. There is no indication that the researchers have been given the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a social engineering attack would be required to exploit this vulnerability. A successful exploit could result in the execution of arbitrary code.

No comments:

/* Use this with templates/template-twocol.html */