This week we have one vendor disclosure from Schneider
Electric and there is of course the federal funding fiasco.
Schneider Advisory
Schneider published an advisory
for a use-after-free vulnerability in their Zelio Soft software product. The
vulnerability was reported by mdm and rgod, of the 9SG Security Team. Schneider
has an update available to mitigate the vulnerability. There is no indication
that the researchers have been provided an opportunity to verify the efficacy
of the fix.
Federal Funding Fiasco
This is the first week of the FFF and it looks like it could
last for a while. The NCCIC-ICS landing
page does not include the FFF
banner that is found on web sites for other Cybersecurity and Infrastructure
Security Agency (CISA) organizations. I would like to think that that would
mean that NCCIC-ICS is up and functioning like the main National Cybersecurity
and Communications Integration Center (NCCIC) presumably is.
Unfortunately, the lack of publication of any advisories
this week leads me to conclude that if NCCIC-ICS is functioning, it is doing so
in a limited fashion. It would be helpful if NCCIC-ICS were to delineate which
of its functions were deemed to be essential enough to continue during the FFF.