BLF-Tech Updates HMI Hole

Tuesday, April 25, 2017 @ 03:04 PM gHale


BLF-Tech LLC released an update to its VisualView HMI to mitigate an uncontrolled search path element vulnerability, according to a report with ICS-CERT.

VisualView HMI Version 9.9.14.0 and prior suffer from the vulnerability, discovered by researcher Karn Ganeshen.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system.

An uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
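A defender can check whether a host is exposed to this class of flaw by auditing who may create files in the directories DLLs are loaded from. The PowerShell below is an added example, not code from BLF-Tech or ICS-CERT; the `$AppDir` value is a placeholder because the page does not give the install path, and the choice of which groups count as low-privileged is an assumption.

```powershell
param(
    # Placeholder: the page does not give the install path; set it for your host.
    [string]$AppDir = 'C:\Path\To\VisualViewHMI'
)

# Well-known SIDs of broad, non-administrative groups (locale-independent).
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Directories to audit: the application directory plus every machine-wide PATH entry.
$dirs = @($AppDir) + ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
$dirs = $dirs | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim('" ')) } |
    Sort-Object -Unique

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A search-path entry that does not exist should be removed from PATH.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Issue = 'directory does not exist' }
        continue
    }
    # Ask for the ACL with identities expressed as SIDs, explicit and inherited.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $isAllow     = $ace.AccessControlType -eq 'Allow'
        $appliesHere = ($ace.PropagationFlags -band $inheritOnly) -eq 0
        $canCreate   = ($ace.FileSystemRights -band $createFiles) -ne 0
        $sid         = $ace.IdentityReference.Value
        if ($isAllow -and $appliesHere -and $canCreate -and $lowPrivSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $lowPrivSids[$sid]
                Issue     = "can create files ($($ace.FileSystemRights))"
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No low-privilege write access found on the audited directories.' }
```

Any directory this reports should have its ACL tightened or be dropped from the machine PATH; the check does not replace installing the vendor's fixed version.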

CVE-2017-6051 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.

The product sees action in the critical manufacturing and the water and wastewater sectors.
It mainly sees use in the United States.

An attacker with a low skill level could leverage the vulnerability.

Las Vegas, NV-based BLF-Tech LLC released a new version of VisualView HMI to address the reported vulnerability. VisualView HMI Version 10.2.15.0 is available for download.


