We have two exploit code releases this week for industrial
control systems; the vulnerability for one was previously reported by ICS-CERT.
The vulnerable products come from Prisma Industriale and Advantech.
Prisma Exploit
Gjoko 'LiquidWorm' Krstic published exploit code
for a hard-coded credential vulnerability in the Prisma Industriale Checkweigher,
an in-line weighment device. The vulnerability had been previously published
by Zero Science Labs, which had attempted to coordinate the disclosure with the
vendor.
The vulnerability reportedly gives a successful attacker
administrator-level access to the device.
Advantech Exploit
Chris Lyne published exploit code
for a directory traversal vulnerability in the Advantech WebAccess products.
The vulnerability was previously reported by ICS-CERT and
ZDI.
According to ZDI, the vulnerability gives a successful attacker administrative-level
remote code execution.