Saturday, September 15, 2018

ICS Public Disclosures – Week of 09-08-18


This week three control system exploits were published: two for products from Schneider (AVEVA?) and one for a product from CirControl (an automobile charging station vendor).

Schneider Exploits


NOTE: Neither of the exploit reports described below includes a CVE number, so it is possible that these are 0-day exploits, but they are both for very common vulnerabilities, so it is hard to tell.

Luis Martinez published an exploit for a local buffer overflow vulnerability in the Schneider InTouch Machine.

Martinez also published an exploit for a local buffer overflow vulnerability in the Schneider InduSoft Web Studio.

CirControl Exploit


David Castro (SadFud) published an exploit for a credential exposure vulnerability in the CirCarLife SCADA. The CVE indicates that the vulnerability was announced in June, but there is no indication that CirControl was notified and there is no listing of anything to do with cybersecurity on the CirControl web site.

