Envitech Patches EnviDAS Ultimate

Thursday, October 12, 2017 @ 05:10 PM gHale


Envitech Ltd. has an update available to mitigate an improper authentication vulnerability in its EnviDAS Ultimate, according to a report from ICS-CERT.

EnviDAS Ultimate is a web application for environmental monitoring. Versions prior to v1.0.0.5 suffer from the remotely exploitable issue, which was discovered by Can Demirel of Biznet Bilisim, who also tested the patch.


Successful exploitation of this vulnerability could allow an attacker to view and edit settings without authenticating and execute code remotely.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The web application lacks proper authentication, which could allow an attacker to view information and modify settings or execute code remotely.

CVE-2017-9625 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

The product sees use in the commercial facilities, communications, and water and wastewater systems sectors. It is deployed on a global basis.

Israel-based Envitech Ltd. recommends that users of affected versions update to v1.0.0.5 or newer. The update can be obtained by emailing Envitech Ltd.


