Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Emerson patches SQL injection vulnerability in ICS product

Emerson patches SQL injection vulnerability in ICS product

2015/05/22

Securityweek - (International) Emerson's Process Management group released a software addressing a structured query language (SQL) injection vulnerability in its AMS Device Manager in which an attacker could escalate privileges and gain access to administrative functions by supplying a malformed input to the software. The AMS Device Manager is part of the AMS Suite and is used in many industrial control systems (ICS) worldwide, especially in the oil, gas, and chemical industries.

Source: http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:22