Geovap Fixes Reliance SCADA Hole

Thursday, November 30, 2017 @ 04:11 PM gHale


Geovap released a software update to mitigate a cross-site scripting vulnerability in its Reliance SCADA product, according to a report from ICS-CERT.

Reliance SCADA, a software management platform, suffers from the remotely exploitable issue in Version 4.7.3 Update 2 and prior. Can Demirel discovered the vulnerability.


Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary JavaScript through a specially crafted URL request, which may allow for read/write access.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The cross-site scripting vulnerability could allow an unauthenticated attacker to inject arbitrary code.

CVE-2017-16721 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

The product sees action mainly in the critical manufacturing, energy, transportation systems, and water and wastewater systems sectors. It also sees use on a global basis.

To mitigate the vulnerability, Czech Republic-based Geovap released Version 4.7.3 Update 3 of the software.


