Tuesday, October 29, 2019

1 Advisory Published – 10-29-19

Today the CISA NCCIC-ICS published a control system security advisory for products from Phoenix Contact.

Phoenix Contact Advisory

This advisory describes an improper input validation vulnerability in the Phoenix Contact Automation Worx Software Suite. The vulnerability was reported by the 9sg Security Team via the zero day initiative.
Phoenix Contact provided generic workarounds while it continues to work on an update to mitigate the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability to compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one of the affected products are not impacted.

NOTE: I briefly reported on this vulnerability on October 19th, 2019.

No comments:

/* Use this with templates/template-twocol.html */