Rewterz Threat Advisory – Windows 10: Privilege Escalation Vulnerabilities Found in Over 40 Drivers
August 13, 2019
Rewterz Threat Alert – Cerberus – A new Banking Trojan being sold as Android Malware
August 13, 2019
Severity
High
Analysis Summary
A new bug has been reported in a Delta ICS controller that oversees HVAC, lighting, sensor, alarm and similar systems. The vulnerability could allow malicious actors on the same network to gain complete control of the operating system. The bug is a buffer overflow, i.e. a mismatch in the memory sizes used to handle incoming network data.
The researchers used broadcast traffic (launching the attack without knowing the target's location on the network) and were able to control any hardware connected to the vulnerable manager by remotely issuing commands to it.
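The class of bug described above, shown as an added illustration that is not Delta's code or the researchers' material: a network message handler whose destination buffer is smaller than the data the network can deliver, next to a bounds-checked version. The message layout (type byte, 2-byte length, payload), the sizes and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIRE_MAX    1500  /* largest datagram the network delivers (assumed) */
#define PAYLOAD_CAP   64  /* size of the handler's own buffer (assumed) */

struct msg { uint8_t type; uint16_t len; uint8_t payload[PAYLOAD_CAP]; };

/* BEFORE: trusts the sender's length field. Any len > PAYLOAD_CAP writes
 * past m->payload, which is the memory-size mismatch described above. */
int parse_unsafe(const uint8_t *pkt, size_t n, struct msg *m)
{
    if (n < 3) return -1;
    m->type = pkt[0];
    m->len  = (uint16_t)((pkt[1] << 8) | pkt[2]);
    memcpy(m->payload, pkt + 3, m->len);     /* no bound on m->len */
    return 0;
}

/* AFTER: the declared length must fit what arrived and the destination. */
int parse_safe(const uint8_t *pkt, size_t n, struct msg *m)
{
    if (pkt == NULL || m == NULL || n < 3 || n > WIRE_MAX) return -1;
    uint16_t len = (uint16_t)((pkt[1] << 8) | pkt[2]);
    if (len > n - 3) return -2;              /* claims more bytes than arrived */
    if (len > sizeof m->payload) return -3;  /* would not fit the buffer */
    m->type = pkt[0];
    m->len  = len;
    memcpy(m->payload, pkt + 3, len);
    return 0;
}

/* Constructed sample datagram; caller ensures len + 3 <= WIRE_MAX. */
size_t build_sample(uint8_t *out, uint8_t type, uint16_t len)
{
    out[0] = type; out[1] = (uint8_t)(len >> 8); out[2] = (uint8_t)len;
    memset(out + 3, 0x41, len);
    return (size_t)len + 3;
}

int main(void)
{
    uint8_t pkt[WIRE_MAX]; struct msg m;
    size_t n = build_sample(pkt, 7, 200);    /* payload larger than PAYLOAD_CAP */
    printf("parse_safe -> %d\n", parse_safe(pkt, n, &m));
    return 0;
}
```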
Affected Vendors
Delta
Affected Products
Delta enteliBUS Manager
Remediation
Delta Controls has issued a patch, which should be applied quickly.