Thursday, July 12, 2018

ICS-CERT Publishes an Advisory and an Update


Today the DHS ICS-CERT published a control system security advisory for products from Eaton. They also updated a medical device security advisory for products from Medtronic.

Eaton Advisory


This advisory describes a stack-based buffer overflow in the Eaton 9000X Drive. The vulnerability was reported by Ghirmay Desta working with the Zero Day Initiative. Eaton has an update available that mitigates the vulnerability. There is no indication that Desta was provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that an uncharacterized attacker could remotely exploit the vulnerability to achieve remote code execution.

Medtronic Update

This update provides additional information for an advisory that was originally published on May 17th, 2018. The update adds a second vulnerability (Protection mechanism failure - CVE-2018-10631). This necessitated an increase of the CVSS (v3) ranking from 4.6 to 6.3 and an expanded risk evaluation section of the advisory.
