Tuesday, September 20, 2016

ICS-CERT Publishes BINOM3 Alert

Yesterday the DHS ICS-CERT published an alert for publicly disclosed control system vulnerabilities in the BINOM3 Electric Power Quality Meter. The vulnerabilities had previously been disclosed to ICS-CERT by Karn Ganeshen, but ICS-CERT has not been able to get a response from BINOM3 about the vulnerabilities.

The reported vulnerabilities include:

• Reflected and stored Cross-site Scripting;
• Clear Text Passwords;
• Sensitive information leakage in GET request; and
• Access Control Issues


These are the same vulnerabilities that I reported on Saturday.

No comments:

 
/* Use this with templates/template-twocol.html */