Today the DHS NCCIC-ICS published a control system security
advisory for products from AVEVA. The advisory
describes an insufficiently protected credentials vulnerability in the AVEVA Vijeo
Citect and CitectSCADA software. The vulnerability was reported by VAPT Team,
C3i Center, and IIT Kanpur. AVEVA is recommending upgrading to a newer product:
CitectSCADA 2018. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could
exploit the vulnerability to allow a locally authenticated user to obtain
Citect user credentials.