Yesterday the DHS ICS-CERT updated a control system security
advisory for products from XZERES. The original advisory was
published on December 8th, 2015 and then
updated on December 10th, 2015. The new update describes new
mitigation measures for the cross-site scripting vulnerability and adds the
name of a new researcher, Tim Thurlings, to the advisory.
The new mitigation measures include:
• A new ‘Secure Gateway’ module to
install between the internet and the Controller board;
• New notebooks for remote access
that include a Secure Remote Connection system; and
• A work around that includes shutting down the port
forwarding feature.
Posts
No comments:
Post a Comment