Yesterday the CISA NCCIC-ICS published a control system
security advisory for products from Schneider Electric.
Schneider Advisory
This advisory describes
five vulnerabilities in the Schneider Triconex TriStation and Triconex Tricon Communication
Module. The vulnerabilities were reported by Reid Wightman of Dragos, Inc.
Schneider has new versions that mitigate the vulnerabilities and has pushed
notification to customers.
The five reported vulnerabilities are:
• Cleartext transmission of
sensitive information - CVE-2020-7483,
• Uncontrolled resource consumption
- CVE-2020-7484 and CVE-2020-7486,
• Hidden functionality - CVE-2020-7485,
and
• Improper access control - CVE-2020-7491
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow an attacker to view clear
text data on the network, cause a denial-of-service condition, or allow
improper access.
Posts
No comments:
Post a Comment