Saturday, June 16, 2018

ICS Public Disclosures – Week of 06-09-18


This week we have the promised vendor reports from Siemens and exploit code for a Rockwell product vulnerability that was just reported this week by ICS-CERT.

Siemens Vulnerabilities


On Tuesday Siemens reported new vulnerabilities in the following products:

RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers (Privilege escalation and hard-coded password – self-reported);
SCALANCE M875 {Web access vulnerability (2), Cross-site scripting (2), and password disclosure – reported by Eugenie Potseluevskaya from Kaspersky Lab}; and
Building Technologies Products (Three vulnerabilities in the Gemalto Sentinel LDK RTE license management dongle – self-reported)

On Tuesday Siemens updated previously reported vulnerabilities in two products:

SIPROTEC 4 and SIPROTEC Compact Devices (Previous - ICS-CERT # ICSA-17-187-03F - Clarified update for 7SJ686); and
Industrial Products (Previous – ICS-CERT # ICSA-17-129-01I [corrected ICS-CERT advisory #, 06-21-18 21:52 EDT] - Detailed PCS 7 affection; Added update information for PCS V8.2)

Rockwell Exploit


On Wednesday LiquidWorm published exploit code on Exploit-db.com for an unquoted search path vulnerability in the Rockwell RSLinx Classic and FactoryTalk Linx Gateway. This vulnerability was reported via ICS-CERT on June 7th, 2018.
