The NCCIC has published an advisory on a type confusion vulnerability in Pilz PNOZmulti Configurator. All versions prior to 10.9 are affected. Successful exploitation of this vulnerability could allow sensitive data to be read from the system. Pilz has discontinued the PMI m107 diag HMI device and the function concerned was removed in PNOZmulti Configurator Version 10.9. Pilz has provided a list of steps (listed on the NCCIC advisory) to mitigate this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!