Friday, October 7, 2016

ICS-CERT publishes GE Advisory

Yesterday the DHS ICS-CERT published a control system security advisory for an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system. Apparently this is a self-reported vulnerability. GE has produced a new firmware version to mitigate this vulnerability. ICS-CERT had previously published this advisory on the US-CERT Secure Portal on September 8th.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to gain unauthorized access to the affected device with elevated privileges.

No comments:

/* Use this with templates/template-twocol.html */