Thursday, May 11, 2017

ICS-CERT Publishes Two Advisories

Today the DHS ICS-CERT published two control system security advisories for products from Satel Iberia and Phoenix Contact.

Satel Iberia Advisory


This advisory describes a command injection vulnerability in the Satel Iberia SenNet Data Logger and Electricity Meters. The vulnerability was reported by Karn Ganeshen. A new version is available that mitigates the vulnerability. There is no indication that Ganeshen was provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability to gain root privileges, run arbitrary commands and change system data.

Phoenix Contact Advisory


This advisory describes two vulnerabilities in the Phoenix Contact mGuard. The vulnerabilities were self-reported. A new firmware version is available that mitigates the vulnerabilities.

The two reported vulnerabilities are:

• Resource exhaustion - CVE-2017-7935; and
• Improper authentication - CVE-2017-7937


ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerabilities to disrupt the availability of the device and gain unauthorized access to the device.
