Last week, ICS-CERT released an advisory on a set of Johnson Control MetaSys vulnerabilities I reported. You can find the advisory here: https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02
It’s interesting to note that my initial email describing the vulnerabilities was sent on November 22nd, 2013. So, 1 year, 3 months, and 23 days later… we finally get a public advisory.
more here......http://xs-sniper.com/blog/2015/03/23/johnson-controls-metasys-vulnerabilities-part-i/
It’s interesting to note that my initial email describing the vulnerabilities was sent on November 22nd, 2013. So, 1 year, 3 months, and 23 days later… we finally get a public advisory.
more here......http://xs-sniper.com/blog/2015/03/23/johnson-controls-metasys-vulnerabilities-part-i/