Saturday, March 30, 2019

Public ICS Disclosures – Week of 03-23-19

This week we have one vendor notification from Phoenix Contact and an update of an earlier vendor notification from Rockwell Automation.

Phoenix Contact Advisory

VDE-CERT published an advisory for an improper access control vulnerability in the Phoenix Contact FL NAT SMx web UI. The vulnerability was reported by Maxim Rupp. Phoenix Contact provides generic control measures to mitigate this vulnerability. There is no indication that Rupp was provided an opportunity to verify the efficacy of the fix.

Rockwell Update

Rockwell provided an update to their advisory published earlier this week. The update provides links to:

• The Applied Risk report on the vulnerability; and
The ICS-CERT advisory

No comments:

/* Use this with templates/template-twocol.html */