Today CISA’s NCCIC-ICS published one control system security advisory for products from Advantech.
Advantech Advisory
This advisory describes two vulnerabilities in the Advantech iView products. The vulnerabilities were reported by Selim Enes Karaduman via the Zero Day Initiative. Advantech has a new firmware version that mitigates the vulnerabilities. There is no indication that Karaduman has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to allow an attacker to disclose
information and perform remote code execution.
Posts
No comments:
Post a Comment