Saturday, August 5, 2017

ICS-CERT Publishes Eaton Alert

Yesterday the DHS ICS-CERT published a control system security alert for products from Eaton. The alert describes two buffer overflow vulnerabilities in the Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. The vulnerabilities were reported by Ariele Caltabiano (kimiya) via the Zero Day Initiative. ZDI has published advisories on these vulnerabilities (here and here) due to the lack of mitigation response from Eaton.

No comments:

/* Use this with templates/template-twocol.html */