This week we have two vendor disclosures from ABB and two
exploits for products from Modbus Tools.
CMS-770 Advisory
ABB published an advisory
for a configuration file vulnerability in the CMS-770 control unit. The vulnerability
was reported by Maxim Rupp. ABB has updated the manual for this product to
outline additional security measures that mitigate the vulnerability. There is
no indication that Maxim has been provided an opportunity to verify the
efficacy of the fix.
ABB reports that successful exploitation of this vulnerability
could cause the product to reveal the credentials allowing to take over the
entire control of the product.
M2M Ethernet Network Analyzer Advisory
ABB published an advisory for a language
file vulnerability in the M2M Ethernet Network Analyzer. The vulnerability was
reported by Maxim Rupp. ABB has updated the manual for this product to outline
additional security measures that mitigate the vulnerability. There is no indication
that Maxim has been provided an opportunity to verify the efficacy of the fix.
ABB reports that successful exploitation of this
vulnerability could allow an attacker to upload a language file to the product without
being requested to authenticate himself.
Modbus Tools Exploits
Kağan Çapar published an exploit for a
buffer overflow vulnerability in the Modbus Tools Modbus Slave programming tool.
No CVE number is provided so this may be a 0-day vulnerability.
Ihsan Sencan published an exploit for a denial of service
vulnerability in the Modbus Tools Modbus Slave programming tool. A new (no
details available) CVE number was provided so there is a possibility that the
vendor has been contacted about this vulnerability.
Posts
No comments:
Post a Comment