SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-952901297] Saia Burgess Controls PCD Controllers

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-09-21OtherSaia Burgess ControlsDavide Fauri of Eindhoven University of Technology discovered and reported this vulnerability to ICS-CERT. N/ACVE-2017-9628 N/AN/AN/A

Source

						
							
								
#
# Saia Burgess Controls PCD Controllers
#


### VULNERABLE VENDOR
Saia Burgess Controls


### VULNERABLE PRODUCT
PCD Controllers



### RESEARCHER
Davide Fauri of Eindhoven University of Technology discovered and reported this vulnerability to ICS-CERT.



### AFFECTED PRODUCTS

Saia Burgess Controls reports that the vulnerability affects the following PCD Controllers:

PCD firmware versions prior to 1.28.16 or 1.24.69



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to obtain information in memory.



### VULNERABILITY OVERVIEW

INFORMATION EXPOSURE CWE-200
In certain circumstances, the device pads Ethernet frames with memory contents.
CVE-2017-9628 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sector: Chemical and Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland




### MITIGATION

Saia Burgess Controls strongly recommends that users update to the latest versions of firmware, Version 1.28.16 or 1.24.69.

The security upgrade section of the Saia Burgess Controls web page links to the latest versions and offers security tips and upgrade information:

https://www.sbc-support.com/en/product-category/communication-protocols/pcd-on-internet/upgrade-it-security/


Please see the latest update information for this product at the following web site:

https://www.sbc-support.com/en/product-index/