Today the DHS ICS-CERT published a control system security
advisory for the Schneider Electric ClearSCADA product. It describes an
improper input validation vulnerability. The vulnerability was reported by Sergey
Temnikov and Vladimir Dashchenko of Kaspersky Lab’s Critical Infrastructure
Defense Team. Schneider has produced new updates to mitigate the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit the vulnerability to cause the ClearSCADA server process
and communications driver processes to terminate.
Posts
No comments:
Post a Comment