Today the DHS ICS-CERT published a control system security
advisory for the Leão Consultoria e Desenvolvimento de Sistemas (LCDS) LAquis
SCADA software. They also published the draft agenda for the Spring 2017
meeting of the ICSJWG in Minneapolis, Minnesota, on April 11-13, 2017.
LCDS Advisory
This advisory describes an improper access control
vulnerability in the LAquis SCADA software. The vulnerability was reported by
Karn Ganeshen. LCDS has produced a new version to mitigate the vulnerability. ICS-CERT
reports that Ganeshen has verified the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker,
presumably with local access, could exploit the vulnerability to escalate their
privileges and modify or replace application files.
ICSJWG Agenda
ICS-CERT has provided a link to the draft
agenda for the ICSJWG Spring 2016 Meeting. It looks like there will be a
number of interesting presentations from familiar names and organizations.
There appears to be an increasing interest in the interface
of safety and security in process engineering. With the recent congressional
interest in cyber informed engineering (see S
79 in the 115th Congress and S
2943 in the last session) Virginia Wright of the Idaho National Labs will
be doing a presentation on the INL work on the topic (see here).
Posts
No comments:
Post a Comment