Saturday, September 2, 2017

Public ICS Disclosure – Week of 9-25-17

This week Karn Ganeshen provided exploit information on the Full Disclosure web site for vulnerabilities that he had previously coordinated with ICS-CERT. Most of them are relatively simple DLL insertions so there is nothing here that the experienced researcher would not have been able to deduce from the ICS-CERT reports on the vulnerabilities. I include these here since ICS-CERT will not update their advisories to indicate that exploits are publicly available.

The affected products include:

• Schneider Electric Pro-Face WinGP – ICSA-17-215-01;
• Solar Controls WATTConfig M Software - ICSA-17-222-03;
• Solar Controls Heating Control Downloader - ICSA-17-222-02;
• SIMPlight SCADA Software - ICSA-17-222-01;
• SpiderControl SCADA Web Server - ICSA-17-234-03;
• Spider Control SCADA MicroBrowser - ICSA-17-234-02;
• Moxa SoftNVR-IA Live Viewer - ICSA-17-220-02; and

• AzeoTech DAQFactory - ICSA-17-241-01

No comments:

/* Use this with templates/template-twocol.html */