Tenable published a report on three
vulnerabilities in the LabKey Server Community medical data collaboration tool.
LabKey has produced a new version that mitigates the vulnerabilities. There is
no indication that Tenable has verified the efficacy of the fix.
The three reported vulnerabilities are:
• Cross-site scripting - CVE-2019-3911;
• Open redirects - CVE-2019-3912; and
• Logic flaw in network drive mapping functionality - CVE-2019-3913
NOTE: The Tenable report includes proof of concept exploit
details.
OSIsoft Alert
OSIsoft has published an alert
for a Windows® update problem for the OSIsoft PI Interface for OPC
DA/HDA/Alarms and Events product. Under specific conditions, running the Windows
security update KB4480960 will
result in a denial of service condition. The condition can be mitigated by applying
the Microsoft hotfix KB4487345.
Okay, this is not actually a security vulnerability, but it
is a potential problem arising from the application of a security measure:
applying a product update. This is a good example of why it is necessary to
apply updates to a non-operational version of the control system network prior
to applying them to the operational version. Identifying the problem and fixing
it may be a pain, but operations are not affected.