Thursday, September 6, 2018

ICS-CERT Publishes Ice Qube Advisory

Today the DHS ICS-CERT published a control system security advisory for products from Ice Qube. The advisory describes two vulnerabilities in the Thermal Management Center. The vulnerabilities were reported by Maxim Rupp. Ice Qube has a new version available that mitigates the vulnerabilities. There is no indication that Rupp has been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Improper authentication - CVE-2017-14026; and
Unprotected storage of credentials - CVE-2017-16714

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to gain unauthorized access to configuration files or obtain sensitive information.

No comments:

/* Use this with templates/template-twocol.html */