Tuesday, January 26, 2016

ICS-CERT Publishes Two Advisories

This morning the DHS ICS-CERT published two control system advisories. They were for systems from Rockwell Automation and MICROSYS.

Rockwell Advisory

This advisory describes a stack-based buffer overflow vulnerability in the Allen-Bradley MicroLogix 1100 PLCs. The vulnerability was reported by David Atch of CyberX. Rockwell has produced a firmware update that mitigates the vulnerability, but there is no indication that Atch has been provided the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to run arbitrary code on the device.

MICROSYS Advisory

This advisory describes a memory corruption vulnerability in the MICROSYS PROMOTIC application. The vulnerability was reported by Praveen Darshanam of Versa Networks. MICROSYS has produced a new version which mitigates the vulnerability and Darshanam has verified the efficacy of the fix.

ICS-CERT reports that it would be relatively easy to craft a social engineering exploit of this vulnerability. This is the first time that I have seen ICS-CERT that crafting a specific social engineering exploit “would be simple”.


The PROMOTIC update note indicate that the vulnerability exists in the TrendsView ActiveX component.

No comments:

 
/* Use this with templates/template-twocol.html */