Today the DHS ICS-CERT published control system security
advisories for products from Schneider and Moxa.
Schneider Advisory
This advisory describes three vulnerabilities in the Schneider Pelco VideoXpert Enterprise
products. The vulnerabilities were reported by Gjoko Krstic. Schneider has
released a firmware update that mitigates the vulnerabilities. There is no
indication that Krstic has been provided an opportunity to verify the efficacy
of the fix.
The three reported vulnerabilities are:
• Path traversal (2) - CVE-2017-9964, CVE-2017-9965; and
• Improper access control - CVE-2017-9966
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to gain system privileges or allow
an unauthorized user to view files.
Moxa Advisory
This advisory describes a credentials management vulnerability in the Moxa NPort serial
network interface. The vulnerability was reported by Federico Maggi. Moxa has
produced a new firmware version that mitigates the vulnerability. There is no
indication that Maggi was provided an opportunity to verify the efficacy of the
fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to allow unauthorized access.