Today the DHS ICS-CERT published four control system
security advisories for products from INTERSCHALT, Adcon, Sauter and Moxa.
INTERSCHALT Advisory
This advisory
describes a path traversal vulnerability in the INTERSCHALT Maritime Systems
(INTERSCHALT) VDR G4e application. The vulnerability was reported by Maxim
Rupp. INTERSCHALT has produced a patch to mitigate this vulnerability. ICS-CERT
reports that Maxim has verified the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to read/download arbitrary files from the
target host.
Adcon Advisory
This advisory
describes a cross-site scripting vulnerability in the Adcon Telemetry A850
Telemetry Gateway Base Station. The vulnerability was reported by Aditya K.
Sood. Adcon has produced a new firmware version to mitigate the vulnerability.
There is no indication that Sood has been provided the opportunity to verify
the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerability to allow the injection of arbitrary
JavaScript that may affect the integrity of the system.
Sauter Advisory
This advisory
describes an authentication bypass vulnerability in the Sauter NovaWeb web HMI
application. The vulnerability was reported by Maxim Rupp. The HMI application
is no longer supported so there will be no fix for the vulnerability.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerability to gain authorized access to the
application.
Moxa Advisory
This advisory
describes two vulnerabilities in the Moxa MiiNePort. The vulnerabilities were
reported by Aditya Sood. Moxa has produced new firmware versions to mitigate
the vulnerabilities. There is no indication that Sood was provided an
opportunity to verify the efficacy of the fix.
The reported vulnerabilities are:
• Permissions, privileges, and access controls - CVE-2016-9344; and
• Cleartext storage of sensitive information - CVE-2016-9346