Tuesday, June 6, 2017

ICS-CERT Publishes Two Advisories

Today the DHS ICS-CERT published two control system security advisories for products from Digital Canal Structural and Rockwell.

Digital Canal Advisory


This advisory describes a stack-based buffer overflow vulnerability in the Digital Canal Wind Analysis structural engineering analysis software. The vulnerability was reported by Peter Cheng. Digital Canal reports that the current version mitigates the vulnerability. There is no indication that Cheng has verified the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability to cause the device that the attacker is accessing to become unavailable, resulting in a denial of service.

Rockwell Advisory


This advisory describes a missing authorization vulnerability in the Rockwell PanelView Plus 6 700-1500. The vulnerability was self-reported by Rockwell. Rockwell has identified firmware versions that mitigate the vulnerability. Rockwell also reports that graphic terminals running OS 2.31 or greater are not affected by this vulnerability.


ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability to access the device and potentially retrieve data or disrupt the availability of the device.
