Today the DHS ICS-CERT published a control system security advisory for
the Opto22 PAC Control product. The vulnerability was reported by Robert Hawes.
Opto22 has a new version that mitigates the vulnerability. There is no
indication that Hawes was offered an opportunity to verify the efficacy of the
fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to crash the device being accessed,
and a buffer overflow condition may then allow remote code execution.