Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an Advisory today on a stack overflow vulnerability in the AzeoTech DAQFactory SCADA/HMI Product. This is the third Luigi vulnerability identified earlier this month that has had follow-up action published by ICS-CERT. AzeoTech responded by publishing an updated version of the software .
The vulnerability would allow an attacker with minimal skills to execute a denial of service attack on the system by sending a specially crafted message to an undocumented port on the system. A more experienced attacker could probably execute arbitrary code. Both types of attacks could be executed remotely.
Posts
