This afternoon the DHS ICS-CERT published an advisory
describing a cross-site request forgery (CSRF) vulnerability in XZERES’s
442SR turbine generator operating system (OS). The vulnerability was originally
reported by Maxim Rupp. XZERES has produced a patch to mitigate the
vulnerability, but there is no indication that Rupp has been given the
opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker
could modify publicly available exploit code for other systems to remotely exploit
this vulnerability and gain admin rights to the entire system.