This afternoon the DHS ICS-CERT published a new advisory
for a memory corruption vulnerability in the Schneider Electric IMT25 DTM
component. The vulnerability was originally reported by Alexander Bolshev, Gleb
Cherbov, and Svetlana Cherkasova of Digital Security. Schneider has produced a
patch that mitigates the vulnerability, and ICS-CERT reports that the
researchers have validated the efficacy of the fix.

ICS-CERT reports that it would be moderately difficult to
craft an exploit for this vulnerability and notes that access to an adjacent
network is required to exploit it. The vulnerability is
remotely exploitable.

The Schneider
Security Notification for this vulnerability explains that the vulnerability
“includes a potential buffer overflow that possibly could lead to memory
corruption and cause Denial of Service or permit remote code execution”.