Thursday, March 28, 2019

1 Advisory Published – 03-28-19

Today the DHS NCCIC-ICS published a control system security advisory for products from Rockwell.

The advisory describes a resources exhaustion vulnerability in the Rockwell PowerFlex 525 AC Drives. The vulnerability was reported by Nicolas Merle of Applied Risk. Rockwell has new firmware to mitigate the vulnerability. There is no indication that Merle has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to result in resource exhaustion, denial of service, and/or memory corruption.

NOTE: Is it just me, or does the timeline provided in the Applied Risk advisory seem a little bit long in the preliminary exchange of information?

No comments:

/* Use this with templates/template-twocol.html */