Today the DHS ICS-CERT published a control system security
advisory for products from Ice Qube. The advisory describes two vulnerabilities
in the Thermal Management Center. The vulnerabilities were reported by Maxim
Rupp. Ice Qube has a new version available that mitigates the vulnerabilities.
There is no indication that Rupp has been provided an opportunity to verify the
efficacy of the fix.
The two reported vulnerabilities are:
• Improper authentication - CVE-2017-14026;
and
• Unprotected storage of credentials - CVE-2017-16714
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to gain unauthorized access to configuration
files or obtain sensitive information.
Posts
No comments:
Post a Comment