Thursday, June 3, 2021

1 Advisory Published – 6-3-21

Today CISA’s NCCIC-ICS published one control system security advisory for products from Advantech.

Advantech Advisory

This advisory describes two vulnerabilities in the Advantech iView products. The vulnerabilities were reported by Selim Enes Karaduman via the Zero Day Initiative. Advantech has a new firmware version that mitigates the vulnerabilities. There is no indication that Karaduman has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an attacker to disclose information and perform remote code execution.

No comments:

 
/* Use this with templates/template-twocol.html */