Today the DHS NCCIC-ICS published a control-system security
advisory for products from Rockwell and updated a previously published advisory
for products from IDenticard.
Rockwell Advisory
This advisory describes a stack-based buffer overflow vulnerability in the
Rockwell RSLinx Classic PLC communications software. The vulnerability was
reported by Tenable. Rockwell has patches that mitigate the vulnerability.
There is no indication that Tenable has been provided an opportunity to verify
the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely
exploit this vulnerability to execute arbitrary code on the target device.
IDenticard Update
This update provides additional information on an advisory that was originally
published on January 31st, 2019. The new information includes:
• A revision to the affected version data;
• A report that the hard-coded credential vulnerability was corrected in an earlier version;
• New information about applying the latest update; and
• A link to the IDenticard advisory