Today the DHS ICS-CERT published a
control system security advisory for an unquoted service path escalation
vulnerability in Moxa’s Active OPC Server application. The vulnerability was
reported by Zhou Yu. Moxa has produced a new version to mitigate the
vulnerability. ICS-CERT reports that Yu has verified the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker with
local access and network credentials could exploit this vulnerability to allow
an authorized but non-privileged local user to execute arbitrary code with
elevated privileges on the system.
Posts
No comments:
Post a Comment