During the course of a recent penetration test, HORNE Cyber cyber operations specialist Tyler Holland identified previously-unknown vulnerabilities in Symantec’s Industrial Control System Protection (ICSP) product. Findings & Implications The vulnerabilities in Symantec ICSP were identified during an internal network penetration test of a client. After the engagement, the client requested HORNE Cyber report the identified issues to Symantec. Symantec has patched the vulnerabilities as of version 6.1.1.123. All customers operating ICSP with version 6 prior to this patched version should upgrade. These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2019-18380. The two issues identified in ICSP can, put together, lead to an attacker with

Join for free to read