One of the world’s major suppliers of industrial networking kit, Japanese company Yokogawa, has alerted the world to a vulnerability in 21 of its products.
The ICS-CERT advisory, here, identifies the company’s CENTUM, ProSafe-RS, STARDOM, FAST/TOOLS and other systems as being at risk.
The vulns are “stack-based buffer overflow vulnerabilities”, the advisory states.
The overflows are in systems both with a Windows interface, and with embedded versions (such as the ProSafe’s human-machine interface).
There are two denial-of-service vulnerabilities that can be triggered by a remote attacker by sending a crafted packet to “the process that executes over network communications”, cutting off communications to the targeted system.
More seriously, the network communication process can also be crashed by a crafted packet allowing the attacker to execute arbitrary code.
View full story