Tuesday, September 4, 2018

ICS-CERT Publishes Opto22 Advisory

Today the DHS ICS-CERT published a control system security advisory for the Opto22 PAC Control product. The vulnerability was reported by Robert Hawes. Opto22 has a new version that mitigates the vulnerability. There is no indication that Hawes was offered an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability to crash the device being accessed, and a buffer overflow condition may then allow remote code execution.

No comments:

/* Use this with templates/template-twocol.html */