Today the DHS ICS-CERT published a control system security advisory for
the Progea Movicon SCADA/HMI. It describes two vulnerabilities in the product.
The vulnerabilities were reported by Karn Ganeshen. Progea has only provided
a generic Microsoft workaround for DLL hijacking at this point. ICS-CERT does
not report any further scheduled response.
The two reported vulnerabilities are:
• Uncontrolled search path element - CVE-2017-14017; and
• Unquoted search path or element - CVE-2017-14019
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow privilege escalation or
arbitrary code execution.