Symantec has released an update to address an issue that was discovered in the Industrial Control System Protection (ICSP) product.
Industrial Control System Protection (ICSP)
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-18380
|
ICSP 6.x.x
|
Upgrade to ICSP 6.1.1.123
CVE-2019-18380
Severity/CVSSv3:
|
High / 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Impact:
|
Security Focus: BID 111115 / NVD: CVE-2019-18380
Unauthorized Access
Description:
|
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
An update of the Industrial Control System Protection (ICSP), version 6.1.1.123, has been released which addresses this issue. The latest Industrial Control System Protection (ICSP) releases and patches are available to customers through normal support channels or via auto-update with an internet connection. Currently, there is no evidence of any attempts at this exploit in the wild.
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
industrial control system protection (icsp) | eq | 6 |