Yesterday the DHS NCCIC-ICS published one new control system
security advisory and updates for two previously published advisories.
PEPPERL+FUCHS Advisory
This advisory describes an improper privilege management vulnerability in the
PEPPERL+FUCHS CT50-Ex. This vulnerability is being self-reported.
PEPPERL+FUCHS has an update available that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to allow a malicious third-party
application to gain elevated privileges and obtain access to sensitive
information.
NOTE: I discussed
this vulnerability (and the associated Honeywell advisory) two weeks ago.
Rockwell Update
This update
provides new information on an advisory that was originally
reported on March 1st, 2016. The new information includes:
• Report of a publicly available exploit;
• Added affected products and associated mitigation measures;
• Added a second reporting researcher {Venkatesh Sivakumar (@PranavVenkatS)}; and
• Added additional mitigation measures.
NOTE: Rockwell has not updated their security
advisory to reflect these changes.
Vecna Update
This update
provides new information on an advisory that was originally
published on April 24th, 2018. The new information includes:
• Report of remote exploitability;
• Added two new vulnerabilities;
• Expanded exploit risk;
• Clarified affected versions; and
• Added three new vulnerabilities.