Today the CISA NCCIC-ICS published a control system security
advisory for products from LCDS.
LCDS Advisory
This advisory describes two vulnerabilities in the LCDS LAquis SCADA. The vulnerabilities
were reported by Natnael Samson via the Zero Day Initiative. LCDS has a new version
that mitigates the vulnerabilities. There is no indication that Samson was
provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Exposure of sensitive data to an unauthorized actor - CVE-2020-10618; and
• Improper input validation - CVE-2020-10622.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access could exploit the vulnerabilities to
view sensitive information and create files in
arbitrary locations.