This week Karn Ganeshen provided exploit information on the Full Disclosure
web site for vulnerabilities that he had previously coordinated with ICS-CERT.
Most of them are relatively simple DLL insertions so there is nothing here that
the experienced researcher would not have been able to deduce from the ICS-CERT
reports on the vulnerabilities. I include these here since ICS-CERT will not
update their advisories to indicate that exploits are publicly available.
The affected products include:
• Schneider Electric Pro-Face WinGP
– ICSA-17-215-01;
• Solar Controls WATTConfig M
Software - ICSA-17-222-03;
• Solar Controls Heating Control
Downloader - ICSA-17-222-02;
• SIMPlight SCADA Software - ICSA-17-222-01;
• SpiderControl SCADA Web Server - ICSA-17-234-03;
• Spider Control SCADA MicroBrowser
- ICSA-17-234-02;
• Moxa SoftNVR-IA Live Viewer - ICSA-17-220-02;
and
• AzeoTech DAQFactory - ICSA-17-241-01
Posts
No comments:
Post a Comment