Thursday, May 28, 2015

ICS-CERT Publishes IDS RTU Advisory

Today the DHS ICS-CERT published an advisory for a directory transversal vulnerability in IDS RTU 850 devices. The vulnerability was reported by Benjamin Kahler and Sebastian Kraemer of HSASec. ICS-CERT reports that the vulnerable models are well past their end-of-support date (2009) so no effort will be made to produce an update. IDS has provided specific mitigation suggestions nonetheless.

ICS-CERT reports that a highly skilled attacker could remotely exploit this vulnerability to obtain credentials for access to the internal service interface via telnet.

No comments:

/* Use this with templates/template-twocol.html */