Today the CISA NCCIC-ICS published a control system security
advisory for products from Phoenix Contact.
Phoenix Contact Advisory
This advisory
describes an improper input validation vulnerability in the Phoenix Contact Automation
Worx Software Suite. The vulnerability was reported by the 9sg Security Team
via the Zero Day Initiative.
Phoenix Contact provided generic workarounds while it
continues to work on an update to mitigate the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerability to compromise the
availability, integrity, or confidentiality of an application programming
workstation. Automated systems programmed using one of the affected products
are not impacted.
NOTE: I briefly
reported on this vulnerability on October 19th, 2019.