Today the DHS NCCIC-ICS published a control system security
advisory for products from Rockwell.
The advisory
describes a resource exhaustion vulnerability in the Rockwell PowerFlex 525 AC
Drives. The vulnerability was reported by Nicolas Merle of Applied Risk.
Rockwell has new firmware to mitigate the vulnerability. There is no indication
that Merle has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause resource exhaustion,
denial of service, and/or memory corruption.
NOTE: Is it just me, or does the timeline provided in the
Applied Risk advisory
seem a little bit long in the preliminary exchange of information?