This afternoon the DHS ICS-CERT published an advisory
for a stack-based buffer overflow vulnerability in the MICROSYS PROMOTIC
application. The vulnerability was discovered by an anonymous researcher and
was coordinated through the HP Zero Day Initiative. MICROSYS produced a new
version that mitigates the vulnerability, though there is no indication that the
anonymous researcher was given the opportunity to verify the efficacy of the
fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability if the demonstration application is
running. A successful exploit could lead to a denial-of-service situation or
result in data leakage.
The MICROSYS description of the new
version does not contain any discussion of the vulnerability or its fix.