Vulnerabilities in AUVESY Versiondog Data Management Software May Affect Industrial Environments
Issue
26 October 2021
Editor
Dan McCarthy
Editor in Chief
Amery Smock
Date
10/18/2021
-
Analysis
CISA ICS Advisory warns of vulnerabilities in AUVESY versiondog data management software that could allow attackers to execute remote code and acquire complete remote control over industrial machines [1].
AUVESY versiondog is an automated change management application providing backup and compare functions to monitor, track, and store changes. Versiondog supports devices from all major industrial control system manufacturers and is used by more than 1,200 customers worldwide [2].
Claroty Team82 disclosed the critical vulnerabilities to AUVESY last year. The security flaws may allow an attacker to execute arbitrary code. AUVESY reports that 8.1 fixes these vulnerabilities [3]. Affected organizations may contact AUVESY to obtain the appropriate update. -
Sources
[1] CISA ICS Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01
[2] AUVESY Versiondog Overview https://auvesy.com/en/
[3] Claroty Overview of Versiondog Vulnerabilities https://www.claroty.com/2021/10/19/claroty-auvesy-coordinate-disclosure-on-versiondog-vulnerabilities/
Analyst