ICS-CERT recommends that system operators thoroughly test new releases of software before installing them on critical production systems.
This update is available at the following location on their website. Siemens has released an update mitigating this vulnerability. Additional user interaction is needed to load the malformed file, decreasing the likelihood of a successful exploit. Social engineering is required to convince the user to accept the malformed file. DifficultyĬrafting a working exploit for this vulnerability would require moderate skill. No publicly known exploits specifically target this vulnerability. The exploit can be triggered only when a local user runs the vulnerable application and loads the carefully crafted exploit file. An attacker cannot initiate the exploit from a remote machine. This vulnerability is likely exploitable, but not without user interaction. DoS / Null pointer issues: client side exploit.
This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011.