This week John Page (HYP3RLINX) published three control
system security vulnerability reports on the Full Disclosure mailing list; all
three reports include proof-of-concept exploit code. All three
vulnerabilities are in Moxa products: two in Moxa MXView (here and here) and one in MX-AOPC
UA SERVER (here).
Page reports that these were coordinated disclosures and that Moxa has updated
firmware to mitigate all three vulnerabilities.
MXView
The two reported vulnerabilities are:
• Remote private key disclosure - CVE-2017-7455; and
• Denial of service - CVE-2017-7456
MX-AOPC UA SERVER
The sole reported vulnerability for this product is an XML
external entity injection (CVE-2017-7457) vulnerability.