Saia Burgess Fixes PCD Controllers

Thursday, September 21, 2017 @ 04:09 PM gHale


Saia Burgess Controls’ latest firmware updates should mitigate an information exposure vulnerability in its PCD Controllers, according to a report with ICS-CERT.

PCD firmware versions prior to 1.28.16 or 1.24.69 suffer from the remotely exploitable vulnerability, discovered by Davide Fauri of Eindhoven University of Technology.

RELATED STORIES
Fix is in for mGuard Device Manager
LOYTEC Mitigates Multiple HMI Holes
Philips Addresses Patient Worn Monitor Holes
mySCADA Fixes myPRO Hole

Successful exploitation of this vulnerability could allow an attacker to obtain information in memory.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

In the information exposure vulnerability, in certain circumstances, the device pads Ethernet frames with memory contents.

CVE-2017-9628 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product mainly sees use in the chemical and energy sectors. It also sees action on a global basis.

Switzerland-based Saia Burgess Controls recommends users update to the latest versions of firmware, Version 1.28.16 or 1.24.69.

The security upgrade section of the Saia Burgess Controls web page links to the latest versions and offers security tips and upgrade information.

Click here to see the latest update information for this product.



Leave a Reply

You must be logged in to post a comment.