Thursday, May 30, 2019

One Advisory Published – 05-30-19

Today the DHS NCCIC-ICS published a control system security advisory for products from AVEVA. The advisory describes an insufficiently protected credentials vulnerability in the AVEVA Vijeo Citect and CitectSCADA software. The vulnerability was reported by VAPT Team, C3i Center, and IIT Kanpur. AVEVA is recommending upgrading to a newer product, CitectSCADA 2018. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could exploit the vulnerability to allow a locally authenticated user to obtain Citect user credentials.
