Tuesday, May 4, 2021

2 Advisories Published – 5-4-21

Today CISA’s NCCIC-ICS published two control system security advisories for products from Delta Electronics and Advantech.

Delta Advisory

This advisory describes an out-of-bounds write vulnerability in the Delta CNCSoft ScreenEditor. The vulnerability was reported by kimiya via the Zero Day Initiative. Delta has an updated version that mitigates the vulnerability. There is no indication that kimiya has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to crash the device, and an out-of-bounds write may allow remote code execution.

Advantech Advisory

This advisory describes a use of hard-coded credentials vulnerability in the Advantech WISE-PaaS/RMM products. The vulnerability was reported by Chizuru Toyama of TXOne IoT/ICS Security Research Labs via ZDI. Advantech considers the product end-of-life and offers no mitigation measures beyond replacing the device.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit this vulnerability to obtain sensitive information.
