Saturday, December 9, 2017

Public ICS Vulnerability Disclosures – Week of 12-03-17

Yesterday Joel Langill pointed out a vulnerability report from ABB that was published over two weeks ago. The report addresses an authentication vulnerability in the ABB Ellipse 8 products. The ABB report notes that the vulnerability exists in the implementation of the Lightweight Directory Access Protocol (LDAP) that would allow an attacker with local network access to sniff the unsecured authentication credentials sent between the Ellipse device and the LDAP/AD server.

As with any vulnerability that is found to exist in an implementation of an industry-wide standard, the question arises; what other vendors are using this vulnerable implementation?


NOTE: The ABB report states that the vulnerability was reported in a “responsible disclosure”, but does not name the researcher making the disclosure.

No comments:

 
/* Use this with templates/template-twocol.html */