Today the DHS ICS-CERT published two control system security
advisories for products from Satel Iberia and Phoenix Contact.
Satel Iberia Advisory
This advisory describes a command injection vulnerability in the Satel Iberia
SenNet Data Logger and Electricity Meters. The vulnerability was reported by
Karn Ganeshen.
A new version is available that mitigates the vulnerability. There is no
indication that Ganeshen was provided an opportunity to verify the efficacy of
the fix.
ICS-CERT reports that a relatively low-skilled attacker could
remotely exploit the vulnerability to gain root privilege to run arbitrary
commands and change system data.
Phoenix Contact Advisory
This advisory describes two vulnerabilities in the Phoenix Contact mGuard. The
vulnerabilities were self-reported. A new firmware version is available that
mitigates the vulnerability.
The two reported vulnerabilities are:
• Resource exhaustion - CVE-2017-7935; and
• Improper authentication - CVE-2017-7937
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerabilities to disrupt the availability of the device
and gain unauthorized access to the device.