This week we have two vendor disclosures and three exploits
for previously disclosed vulnerabilities, all for products from Schneider.
PowerLogic PM5560 Advisory
Schneider published
an advisory for their PowerLogic PM5560 product for a cross-protocol injection
vulnerability. The vulnerability was reported by Ezequiel Fernandez and Bertin
Jose. Schneider has an update available that mitigates the vulnerability. There
is no indication that the researchers have been provided an opportunity to
verify the efficacy of the fix.
Modicon M221 Advisory
Schneider published
an advisory for their Modicon M221 product for an improper check for unusual or
exceptional conditions vulnerability. The vulnerability was reported by Yehonatan
Kfir of Radiflow. Schneider has a firmware update available that mitigates the vulnerability.
There is no indication that Kfir has been provided an opportunity to verify the
efficacy of the fix.
Schneider Electric IGSS Exploit
Alejandro Parodi published exploit code
for a remote code execution vulnerability in the Schneider Electric IGSS. This
vulnerability was previously
reported by ICS-CERT in January 2013.
Schneider Electric Serial Modbus Drive Exploits
Alejandro Parodi published exploit code (here and here) for two separate vulnerabilities
in the Schneider Electric Serial Modbus Drive: a denial-of-service vulnerability
and a remote code execution vulnerability. Both vulnerabilities were previously
reported by ICS-CERT in March 2014.