Computrols Clears CBAS Web Holes

Tuesday, May 21, 2019 @ 02:05 PM gHale

Computrols has upgrades available to handle multiple vulnerabilities in its CBAS Web, according to a report with NCCIC.

The vulnerabilities include a cross-site request forgery, information exposure through discrepancy, cross-site scripting, command injection, information exposure through source code, use of hard-coded cryptographic key, SQL injection, authentication bypass using an alternate path or channel, and inadequate encryption strength.

Mitsubishi Ethernet Module Firmware Fixed
Fuji Electric Fixes Alpha7 PC Loader
Schneider Mitigations for Modicon Controllers
Computrols Technical Support.

For more information, see the Computrols security advisory.

Leave a Reply

You must be logged in to post a comment.