Thursday, March 11, 2021

1 Advisory Published – 3-11-21

Today the CISA NCCIC-ICS published a control system security advisory for products from Schneider.

 Schneider Advisory

This advisory describes four improper restrictions of operation within the bounds of a memory buffer in the Schneider Interactive Graphical SCADA System (IGSS). The vulnerabilities were reported by Kimiya via the Zero Day Initiative. Schneider has a new version that mitigates the vulnerabilities. There is no indication that that Kimiya has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerability in way that could result in remote code execution.

Other Schneider Advisories

Schneider published this vulnerability on Tuesday. They also published two other new advisories and updated two previously published advisories. I will discuss these advisories this weekend.

No comments:

/* Use this with templates/template-twocol.html */