Saturday, December 29, 2018

Public ICS Disclosures – Week of 12-22-18

This week we have one vendor disclosure from Schneider Electric and there is of course the federal funding fiasco.

Schneider Advisory

Schneider published an advisory for a use-after-free vulnerability in their Zelio Soft software product. The vulnerability was reported by mdm and rgod, of the 9SG Security Team. Schneider has an update available to mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

Federal Funding Fiasco

This is the first week of the FFF and it looks like it could last for a while. The NCCIC-ICS landing page does not include the FFF banner that is found on web sites for other Cybersecurity and Infrastructure Security Agency (CISA) organizations. I would like to think that that would mean that NCCIC-ICS is up and functioning like the main National Cybersecurity and Communications Integration Center (NCCIC) presumably is.

Unfortunately, the lack of publication of any advisories this week leads me to conclude that if NCCIC-ICS is functioning, it is doing so in a limited fashion. It would be helpful if NCCIC-ICS were to delineate which of its functions were deemed to be essential enough to continue during the FFF.
