Today the CISA NCCIC-ICS published one control system
security advisory for products from Advantech.
Advantech Advisory
This advisory describes a stack-based buffer overflow in the Advantech
WebAccess HMI platform. The
vulnerability was reported by Peter Cheng of Elex CyberSecurity. Advantech has
a new version that mitigates the vulnerability. There is no indication that
Cheng was provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to achieve remote code execution.
NOTE: I wonder if this could be the same vulnerability that was
reported by Tenable back in December. Different CVE numbers, but that does
not mean a lot. Not enough detail in the NCCIC-ICS report to really tell.