Today the DHS NCCIC-ICS published two control system
security advisories for products from Datalogic and Delta Controls.

Datalogic Advisory

This advisory
describes an authentication bypass using an alternate path or channel
vulnerability in the Datalogic AV7000 Linear Barcode Scanner. The vulnerability
was reported by Tri Quach and Blake Johnson of Amazon’s Customer Fulfillment Technology
Security (CFTS) group. Datalogic has a new firmware version that mitigates the
vulnerability. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to execute arbitrary code.

Delta Controls Advisory

This advisory
describes a buffer overflow vulnerability in the Delta Controls enteliBUS
Controllers. The vulnerability was reported by Douglas McKee @fulmetalpackets
and contributing researcher Mark Bereza @ROPsicle of McAfee Advanced Threat
Research. Delta Controls has a new version that mitigates the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to execute arbitrary code.