This afternoon the DHS ICS-CERT published an alert and an
advisory for separate control system vulnerabilities. The alert was for a
product from SDG Technologies. The advisory was for a product from 3S Smart
Software Solutions.
3S Smart Software Solutions Advisory
This advisory describes
a NULL pointer dereference vulnerability in the CODESYS Runtime Tool Kit. The
vulnerability was reported by Nicholas Miles of Tenable Network Security. 3S
has produced a new version which mitigates the vulnerability, but there is no
indication that Miles was provided the opportunity to verify the efficacy of
the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to execute a denial of service attack.
SDG Technologies Alert
This alert describes
a reported cross-site scripting vulnerability in the SDG Technologies Plug and
Play SCADA that is apparently used in remote metering
applications. ICS-CERT is reporting that this vulnerability has been
publicly disclosed with exploit code, but has not provided the name of the
researcher or the venue where the exploit was reported.
ICS-CERT reports that it has not yet been able to contact
SDG Technologies to verify the existence of the vulnerability or determine what
actions SDG Technologies is taking with respect to the reported vulnerability.