Today the DHS ICS-CERT published a control system security advisory for
two vulnerabilities in the Certec EDV atvise scada. The vulnerabilities were
reported by Sebastian Neef of Internetwache.org. Certec has produced a new
version of the software to mitigate the vulnerabilities. There is no indication
that Neef has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Cross-Site Scripting - CVE-2017-6031; and
• Header Injection - CVE-2017-6029
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to execute arbitrary code, affecting
the integrity of the device.