Information Security News mailing list archives

Critical Infrastructure exploitable vulnerability will not be patched


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 10 Nov 2011 02:15:27 -0600 (CST)

http://www.itwire.com/business-it-news/security/51019-critical-infrastructure-exploitable-vulnerability-will-not-be-patched

By David Heath
iTWire
09 November 2011

In April this year, a vulnerability was discovered in a commonly used critical infrastructure Web Access product. Exploitable code was also made available. The manufacturer has announced that no patch will be released.

According to ICS-CERT, advisory ICSA-11-094-02A spells out the following:

“Independent security researcher Rubén Santamarta has identified details and released exploit code for a Remote Procedure Call (RPC) vulnerability in Advantech/BroadWin WebAccess. This is a web browser-based human-machine interface (HMI) product. This RPC vulnerability affects the WebAccess Network Service on 4592/TCP and allows remote code execution.

“Advantech/BroadWin has notified ICS-CERT that a patch will not be issued to address this vulnerability.”

Allow me to repeat that. A simple RPC exploit in software that is used for a variety of critical infrastructure projects WILL NOT BE PATCHED.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
