This morning the DHS ICS-CERT published a new advisory for a
directory traversal vulnerability in the ICONICS WebHMI. The vulnerability was
reported by Maxim Rupp. A new version of the HMI is available, but there is no
indication that Maxim was provided the opportunity to verify the efficacy of
the fix. ICONICS has also recommended that the vulnerable version of WebHMI not
be exposed directly to the Internet.

ICS-CERT reports that a relatively inexperienced attacker
could remotely exploit this vulnerability to download arbitrary files from the
target system.