Today the DHS ICS-CERT published an advisory
for a directory transversal vulnerability in IDS RTU 850 devices. The vulnerability
was reported by Benjamin Kahler and Sebastian Kraemer of HSASec. ICS-CERT
reports that the vulnerable models are well past their end-of-support date (2009)
so no effort will be made to produce an update. IDS has provided specific
mitigation suggestions nonetheless.
ICS-CERT reports that a highly skilled attacker could
remotely exploit this vulnerability to obtain credentials for access to the
internal service interface via telnet.
Posts
No comments:
Post a Comment