Easily using Vulnerability CVE-2 0 1 6-4 5 0 2 ranged attack power plants-vulnerability warning-the black bar safety net

ID MYHACK58:62201675500
Type myhack58
Reporter 佚名
Modified 2016-06-03T00:00:00


! Repair hopeless? You can only deactivate the function or replace the device! Recently,without a patch the vulnerability, CVE-2 0 1 6-4 5 0 2 be found use in industrial control systems,has now been found that power plants use industrial control system may be severely affected,contrive evil intentions of an attacker could exploit the vulnerability remotely control the power plant system. Specific development code has been spread in the network,which forces U.S. computer Emergency Response Team(US Computer Emergency Response Team)quickly issued a warning. Independent researchers Maxim Rupp(Maxim Rupp)reported vulnerabilities(CVE-2 0 1 6-4 5 0 2)is directed to the environmental system of the company 8 8 3 2 Data Controller 3. 0 2 Version and older version. This is a high risk of vulnerability,because an attacker can use it to any changes to the system configuration. According to the U.S. computer Emergency Response Team in a recent a notice, said:“the ESC(electronic stability program,Electronic stability control)the ESC 8 8 3 2 The data controller not available code space to do any additional security patches,so firmware update is impossible,and these vulnerabilities may be remotely exploitable,even the art of not finishing the attacker can easily exploit these vulnerabilities to cause trouble.” The affected company can only purchase a new device,or restrict certain system functions to use,in order to eliminate the vulnerability. The researchers recommend that system administrators block 8 0 port,stop using the Device Manager Web interface,or using any of the alternatives to perform a similar operation.