Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.Vijeo Citect and Citect SCADA users using the IEC870IP driver v4.14.02 and prior are affected and should upgrade to the IEC870IP driver v4.15.00 (sign in required) as soon as possible.įor addition information please see AVEVA Security Bulletin LFSEC00000139.įor information on how to reach AVEVA support, please refer to this link (sign in required): AVEVA Software Global Customer Support.ĬISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. VAPT Team, C3i Center, IIT Kanpur, India reported this vulnerability to AVEVA. CRITICAL INFRASTRUCTURE SECTORS: Energy.A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). This vulnerability impacts only the IEC870IP driver and not the core Vijeo Citect or Citect SCADA software.ĬVE-2019-13537 has been assigned to this vulnerability. The IEC870IP driver for Vijeo Citect and Citect SCADA has a buffer overflow that could cause a server-side crash. The following versions of the IEC870IP driver used in Vijeo Citect and Citect SCADA are affected:ģ.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
Vulnerability: Stack-based Buffer Overflow.Equipment: Vijeo Citect and Citect SCADA.ATTENTION: Exploitable remotely/low skill level to exploit.
0 kommentar(er)
