![]() Rakaczky, program director – control system security at Invensys Operations Management. “We appreciate it when anyone identifies software issues that may endanger the safety and well being of our customers and their systems,” said Ernest A. Invensys has identified mitigations for other products and prior versions. Invensys has confirmed the vulnerability, reported by Luigi Auriemma, exists for certain versions of Wonderware InTouch and Wonderware Application Server (WAS) prior to the latest 2012 release. The vulnerability allows an attacker to remotely crash older versions of the slssvc service by sending a long and unallocated Unicode string, according to this report, which released without coordination with either the vendor or ICS-CERT. SuiteLink is a communications protocol used by Invensys Wonderware supervisory control and data acquisition/human-machine interface (SCADA/HMI) products. ![]() There is an unallocated Unicode string vulnerability with proof-of-concept (PoC) exploit code affecting the Invensys Wonderware SuiteLink (SL) service (slssvc), which is part of the System Platform software suite.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |