This week we have three vendor disclosures for products from
WAGO and Honeywell (2).
WAGO Advisory
CERT.VDE published an advisory
describing an external control of path name or file vulnerability in the WAGO Series
PFC100 and Series PFC200 controllers. The vulnerability was reported by Nico
Jansen of Fachhochschule Aachen. WAGO has new firmware to mitigate the
vulnerability. There is no indication that Jansen has been provided an opportunity
to verify the efficacy of the fix.
Honeywell Advisories
IP Camera DOS Advisory
Honeywell published an
advisory [.PDF download link] describing a denial of service vulnerability
in their equIP® Series Cameras. The vulnerability is apparently self-reported.
Honeywell has a firmware update that mitigates the vulnerability.
IP Camera Replay Attack Advisory
Honeywell published an
advisory [.PDF download link] describing a replay attack vulnerability in
their equIP® Series Cameras, Performance Series Cameras, as well as some of
their video recorders. The vulnerability is apparently self-reported. Honeywell
has a firmware update that mitigates the vulnerability.
NOTE: Honeywell has an interesting feature in their
advisories. They actually list the skills that an attacker would need to have
in order to exploit the vulnerability.