Today the DHS ICS-CERT published two control system security
advisories for products from Digital Canal Structural and Rockwell.
Digital Canal Advisory
This advisory
describes a stack-based buffer overflow vulnerability in the Digital Canal Wind
Analysis structural engineering analysis software. The vulnerability was
reported by Peter Cheng. Digital Canal reports that the current version
mitigates the vulnerability. There is no indication that Cheng has verified the
efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause the device that the attacker
is accessing to become unavailable, resulting in a denial of service.
Rockwell Advisory
This advisory
describes a missing authorization vulnerability in the Rockwell PanelView Plus
6 700-1500. The vulnerability was self-reported by Rockwell. Rockwell has
identified firmware versions that mitigate the vulnerability. Rockwell also
reports that graphic terminals running OS 2.31 or greater are not affected by
this vulnerability.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to access the device and
potentially retrieve data or disrupt the availability of the device.