This afternoon the DHS ICS-CERT published to advisory
updates; one for a December
advisory for vulnerabilities in Advantech’s EKI devices; the other for a November
advisory for vulnerabilities in Unitronics’ VisiLogic OPLC IDE devices.
Advantech Update
This update adds a
new authentication vulnerability (CVE-2015-7938) and reports that Advantech
published firmware updates for all four vulnerabilities on December 31st,
2015. Interestingly it also removes reference to this being an uncoordinated
disclosure.
Unitronics Update
This update adds
a new code injection vulnerability (CVE-2015-7939) and reports that an even
newer update is now available that presumably addresses all three
vulnerabilities.
Posts
No comments:
Post a Comment