Access denied | www.shouldiremoveit.com used Cloudflare to restrict access
Please enable cookies.
What happened?
The owner of this website (www.shouldiremoveit.com) has banned your access based on your browser's signature (3f140e-ua98).Chemical Safety Incidents
There are vulnerabilities in AzeoTech DAQFactory that could force a system reboot or shutdown, according to an ICS-CERT advisory.
ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) first received a report from the nSense Vulnerability Coordination Team. The initial report came out May 24, but there was a delay in the release to allow users sufficient time to download and install the upgrade.
RELATED STORIES
ICS-CERT worked with nSense and AzeoTech to validate the vulnerabilities and create a mitigation strategy.
Azeotech has created a new version (Version 5.85, Build 1842) to resolve these vulnerabilities. Users who do not require the networking capability can easily adjust the system settings in their existing versions to disable the vulnerable feature.
The default settings for future releases (Versions 5.85 and newer) will change to mitigate the vulnerability. ICS-CERT confirmed Version 5.85 and disabling the vulnerable feature in older versions successfully mitigates this vulnerability.
AzeoTech said DAQFactory networking vulnerability only affects users of DAQFactory Standard, Pro, Developer, or Runtime. DAQFactory Express, Starter, Lite, and Base do not support networking and are not vulnerable to these attacks.
When the affected networking features of DAQFactory are working and the system is in an insecure position, an attacker can cause the system to stop functioning or reboot.
AzeoTech provides supervisory control and data acquisition (SCADA) and human-machine interface (HMI) software to users in multiple industries, including water, power, and manufacturing. AzeoTech customers are primarily in the United States and Europe, but are also in other parts of the world.
The DAQFactory networking feature allows multiple machines running DAQFactory to interact with each other. This interaction includes sending a signal from one device to initiate a reboot or shut down of another device. A successful attacker could trigger a DAQFactory system reboot or shutdown.
This vulnerability is remotely exploitable, but there have been no cases to date.
AzeoTech recommends users take one of the following steps:
1. Upgrade to Version 5.85 (Build 1842), which addresses this vulnerability by adding authentication, and changes default settings to disable both the networking feature and also the remote reboot and shutdown feature. Version 5.85.
2. For versions older than Version 5.85, disable the DAQFactory networking feature if the system configuration does not require network support. Users can check the “Disable Broadcast” option in the “File – Document Settings” menu.
3. AzeoTech recommends users to only deploy DAQFactory on an isolated network if they cannot perform one of the above mitigation steps.
ICS-CERT verified upgrading to Version 5.85 (Build 1842) successfully mitigates the reported vulnerabilities.
Leave a Reply
You must be
to post a comment.
Copyright & 2018 isssource.com 上传我的文档
 下载
 收藏
粉丝量：21
该文档贡献者很忙，什么也没留下。
 下载此文档
Transcriptome-wide measurement of ribosomal occupancy by ribosome profiling
下载积分：2000
内容提示：Transcriptome-wide measurement of ribosomal occupancy by ribosome profiling
文档格式：PDF|
浏览次数：4|
上传日期： 21:25:53|
文档星级：
全文阅读已结束，如果下载本文需要使用
 2000 积分
下载此文档
该用户还上传了这些文档
Transcriptome-wide measurement of ribosomal occu
关注微信公众号}