Today the CISA NCCIC-ICS published a control system security
advisory for products from WAGO.
WAGO Advisory
This advisory describes nine vulnerabilities in the WAGO I/O-CHECK Series
PFC100 and Series PFC200. The vulnerabilities were reported by Kelly Leuschner
of Cisco Talos. WAGO has new firmware that mitigates the vulnerabilities. There
is no indication that Leuschner has been provided an opportunity to verify the
efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit
the vulnerabilities to change settings, delete the application, run remote
code, cause a system crash, cause a denial-of-service condition, revert to
factory settings, and overwrite MAC addresses.
NOTE: I briefly discussed these vulnerabilities back in December. In that post
I provided links to the individual vulnerability reports from Talos; many of
those reports included proof-of-concept exploit code.
ICSJWG 2020 Spring Meeting
Yesterday @ICSCERT announced that the 2020 Spring Meeting would be held in Salt
Lake City, UT on April 14th through 15th. Unfortunately, the link provided in
the tweet is incomplete and returns a 404 message. There is no message about
this on the ‘ICS-CERT Announcements’ page.