Tuesday, November 27, 2018

One Advisory is Published – 11-27-18


Today the DHS NCCIC-ICS published a control system security advisory for products from AVEVA.

This advisory describes an uncontrolled search path vulnerability in a third-party product used in the AVEVA Vijeo Citect, Citect SCADA product lines. The vulnerability is self-reported. The third party product is the Schneider Electric Software Update (SESU) software. This vulnerability was reported by Schneider earlier this month. The Schneider update mitigates this vulnerability in the AVEVA products.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit this vulnerability to execute arbitrary code on the target system.

NOTE: The AVEVA advisory was addressed in my blog post on Saturday.

No comments:

 
/* Use this with templates/template-twocol.html */