Friday, July 24, 2020

1 Advisory Published – 7-23-20

Yesterday the CISA NCCIC-ICS published a control system security advisory for products from Schneider Electric.

Schneider Advisory

This advisory describes five vulnerabilities in the Schneider Triconex TriStation and Triconex Tricon Communication Module. The vulnerabilities were reported by Reid Wightman of Dragos, Inc. Schneider has new versions that mitigate the vulnerabilities and has pushed notification to customers.

The five reported vulnerabilities are:

• Cleartext transmission of sensitive information - CVE-2020-7483,
• Uncontrolled resource consumption - CVE-2020-7484 and CVE-2020-7486,
• Hidden functionality - CVE-2020-7485, and
• Improper access control - CVE-2020-7491

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to view clear text data on the network, cause a denial-of-service condition, or gain improper access.
