Today the DHS NCCIC-ICS published a control system security
advisory for products from AVEVA.
This advisory describes an uncontrolled search path vulnerability in a
third-party product used in the AVEVA Vijeo Citect and Citect SCADA product
lines. The vulnerability
is self-reported. The third-party product is the Schneider Electric Software
Update (SESU) software. This vulnerability was reported
by Schneider earlier this month. The Schneider update mitigates this
vulnerability in the AVEVA products.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit this vulnerability to execute
arbitrary code on the target system.
NOTE: The AVEVA advisory was addressed in my
blog post on Saturday.