Zero-day vulnerabilities discovered: 1
Improper access control
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to improper access control and incorrect validation of the szScreen field when processing file uploads within the CimWebServer component. A remote unauthenticated attacker can upload and execute arbitrary file on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note: this vulnerability has been exploited in targeted attacks.
According to ICS-CERT, the vulnerability has been exploited in the wild since at least since January 2012. The vulnerability has been exploited in Sandworm campaign.
Software: CIMPLICITY
Known/fameous malware:
BlackEnergy
Links:
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B
https://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
https://ge-ip.force.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail...
https://ge-ip.force.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail...
http://www.zerodayinitiative.com/advisories/ZDI-14-016/