Yesterday the DHS ICS-CERT published a control system
security advisory for twin vulnerabilities in the American Auto-Matrix Building
Automation Front-End Solutions application. The vulnerabilities were reported
by Maxim Rupp. American Auto-Matrix has produced an update to mitigate the
vulnerabilities. There is no indication that Rupp has been provided an
opportunity to verify the efficacy of the fix.
The vulnerabilities include:
• Local file inclusion - CVE-2016-2307; and
• Plain text storage of a password - CVE-2016-2308.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to obtain authenticated
credentials to all aspects of the system.