Public ICS Disclosures – Week of 03-04-18

This week we have one vendor release from OSIsoft and a researcher vulnerability announcement for Rapid SCADA.

OSIsoft

This week OSIsoft released PI ProcessBook 2015 R2 SP2 (3.6.2). According to the product release notes, one of the fixes included in the new version is an update of Microsoft® VBA to version 7.1 to mitigate the known security vulnerabilities in that program. The vulnerability had been reported to OSIsoft by a customer.

Rapid SCADA

This week Filipe Xavier Oliveira from Tempest Security Intelligence (a Brazilian cybersecurity firm) announced a privilege escalation vulnerability in the Rapid SCADA open-source industrial control system. According to the announcement on FullDisclosure, the vendor has been contacted and is not planning on addressing the vulnerability at this time.