Saturday, June 17, 2017

Public ICS Disclosure – Week of 6-10-17

This week Richard Young described a privilege escalation vulnerability on the APC UPS Daemon. The Seclist – Full Disclosure report notes that Young has attempted a coordinated disclosure, but received an inadequate response from the vendor. He reports that:

“The default installation of APCUPSD allows a local unprivileged user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable, which will run with SYSTEM privileges at startup.”

The APCUPSD web site reports that the program supports Modbus (via both serial and USB connections), which makes this vulnerability in a UPS support program potentially a control system security issue as well.
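The weakness described above is a service binary that an unprivileged local user can overwrite while the service itself runs as SYSTEM. The following PowerShell script is an added audit example (not code from the original post, from Young's report, or from the APCUPSD project): it enumerates every Windows service, resolves the executable from the service's PathName, and reports any executable or parent directory that grants write, modify or delete rights to broad principals such as Everyone, Users or Authenticated Users. The principal list and the exact rights treated as "writable" are this example's own choices; the remediation command at the end uses a placeholder path rather than any path from the page.

```powershell
# Added audit example (not from the original post or the apcupsd project).
# Lists services whose executable, or the directory holding it, can be
# modified by non-administrative principals. A service running as
# LocalSystem from such a file is the condition described in the report.

# Broad principals an unprivileged local user is normally a member of
# (assumption: this list is this example's choice, extend it as needed).
$weakPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow replacing, rewriting or removing the file (or, on the
# parent directory, creating and deleting entries in it).
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = $R::Write -bor $R::Modify -bor $R::FullControl -bor
             $R::Delete -bor $R::WriteData -bor $R::AppendData

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName may be quoted and may carry arguments after the executable.
    if ($PathName -match '^"([^"]+)"')   { return $Matches[1] }
    if ($PathName -match '^(\S+\.exe)')  { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

function Get-WeakAces {
    param([string]$Path)
    # Returns "principal : rights" strings for allow ACEs that grant a weak
    # principal any right in $writeMask; empty when the path is safe.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $acl = Get-Acl -LiteralPath $Path
    $findings = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($weakPrincipals -notcontains $id) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "$id : $($ace.FileSystemRights)"
        }
    }
    return $findings
}

# Walk every installed service and report the weak ones.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-ServiceBinaryPath $_.PathName
    $dir = Split-Path -Parent $exe
    $fileWeak = Get-WeakAces $exe
    $dirWeak  = Get-WeakAces $dir
    if ($fileWeak.Count -gt 0 -or $dirWeak.Count -gt 0) {
        [pscustomobject]@{
            Service      = $_.Name
            RunsAs       = $_.StartName
            Binary       = $exe
            FileWritable = ($fileWeak -join '; ')
            DirWritable  = ($dirWeak  -join '; ')
        }
    }
} | Format-Table -AutoSize

# Remediation for a flagged file (placeholder path, run as Administrator):
# break inheritance keeping current ACEs, then drop the broad principal.
#   icacls "C:\PLACEHOLDER\service.exe" /inheritance:d
#   icacls "C:\PLACEHOLDER\service.exe" /remove:g "BUILTIN\Users"
```

Run it from an elevated PowerShell prompt so that Get-Acl can read every service's ACL; services reported with RunsAs of LocalSystem and a non-empty FileWritable or DirWritable column are the ones to fix first. Checking the parent directory matters because a user who can delete or create files in the directory can swap the executable even when the file's own ACL is tight.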
