Saturday, June 1, 2019

Public ICS Disclosures – Week of 05-25-19


This week we have three exploits for previously published vulnerabilities from Siemens, and some additional news on the Microsoft® RDP vulnerability.

Siemens Exploits


Matthias Deeg published three proof-of-concept exploits for previously reported vulnerabilities in the Siemens LOGO! 8 programmable logic controllers.

The three reported exploits are for the following reported vulnerabilities

Missing Authentication for Critical Function - CVE-2019-10919;
Storing Passwords in a Recoverable Format - CVE-2019-10921; and
Use of Hard-coded Cryptographic Key - CVE-2019-10920

RDP Vulnerability


We have two additional vendor disclosures about the RDP vulnerability:

PEPPERL+FUCHS; and
Medtronic

Spencer has published proof-of-concept exploit code for the RDP vulnerability.

Posted by at
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */