Yesterday the DHS ICS-CERT published an alert for publicly disclosed control system vulnerabilities in the BINOM3 Electric Power Quality Meter. The vulnerabilities had previously been disclosed to ICS-CERT by Karn Ganeshen, but ICS-CERT has not been able to get a response from BINOM3 about the vulnerabilities.
The reported vulnerabilities include:
• Reflected and stored Cross-site Scripting;
• Clear Text Passwords;
• Sensitive information leakage in GET request; and
• Access Control Issues
These are the same vulnerabilities that I reported on Saturday.