Saturday, August 31, 2013

Vulnerability in multiple Triangle MicroWorks’ products

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported on August 28, 2013 the following vulnerability:

Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability.

This vulnerability could be exploited remotely.

The following Triangle MicroWorks products are affected:

  • SCADA Data Gateway, v2.50.0309 through v3.00.0616
  • DNP3 .NET Protocol components, v3.06.0.171 through v3.15.0.369
  • DNP3 ANSI C source code libraries, v3.06.0000 through v3.15.0000

Click HERE to access the complete report.

No comments: