This morning the DHS ICS-CERT published two industrial
control system security advisories for products from Siemens and Moxa.
Siemens Advisory
This advisory describes
a privilege escalation vulnerability in the Siemens SINEMA Server. The
vulnerability was reported by rgod via the Zero Day Initiative. Siemens has
developed a temporary fix for the vulnerability while a new version is being
developed. There is no indication that rgod has been provided an opportunity to
verify the efficacy of the temporary fix.
ICS-CERT reports that a relatively low-skilled attacker with
local access could exploit the vulnerability with a social engineering attack
to escalate their privileges.
Moxa Advisory
This advisory describes
an SQL injection vulnerability in the Moxa SoftCMS. The vulnerability was
reported by Zhou Yu of Acorn Network Security via the Zero Day Initiative. Moxa
has produced an update to mitigate the vulnerability, but there is no indication
that Yu has been provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to execute arbitrary commands on the target
system.