Saturday, March 17, 2018

Public ICS Disclosure – Week of 03-10-18

We have two exploit code releases this week for industrial control systems; the vulnerability for one was previously reported by ICS-CERT. The vulnerable products come from Prisma Industriale and Advantech.

Prisma Exploit

Gjoko 'LiquidWorm' Krstic published exploit code for a hard-coded credential vulnerability in the Prisma Industriale Checkweigher, an in-line weighment device. The vulnerability had been previously published by Zero Science Labs, who had attempted to coordinate the disclosure with the vendor.

The vulnerability reportedly gives a successful attacker administrator-level access to the device.

Advantech Exploit

Chris Lyne published exploit code for a directory traversal vulnerability in the Advantech WebAccess products. The vulnerability was previously reported by ICS-CERT and ZDI. According to ZDI, the vulnerability allows a successful attacker to execute code remotely with administrative-level privileges.
