The NCCIC has released an advisory about authentication bypass by capture-replay, improper access control, and improper authentication vulnerabilities in GAIN Electronic Co. Ltd SAGA1-L Series. All firmware versions prior to A0.10 are affected. Successful exploitation of these vulnerabilities could allow remote code execution and potentially delete the product’s firmware. GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!