Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381PUBLISHED: 2021-04-18This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374PUBLISHED: 2021-04-18This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375PUBLISHED: 2021-04-18This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376PUBLISHED: 2021-04-18This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377PUBLISHED: 2021-04-18This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
User Rank: Apprentice
6/23/2017 | 7:21:58 AM
While IT people worry about CIA, ICS experts shall worry about SRP (Safety - Reliability-Productivity). None want to be blamed for a painful outage or damage just because they patched the OS.
ICS cyber experts know very well that every change to ICS hardware or software is a severe risk to SRP. So... what is the solution? where we want to be in 5 or 10 years? You shall plan building a brand new and modern control room, build it with modern hardware and software and fit the original application to the new system.
But ! be ready that it will not work. Plan for spending 4-6 months and test it before you can commision the new control room.
The result is funny: The new control room will be as good as the old one and not better ! But it will have strong cyber defense solutions build in and will be ready for periodic cyber security upgrades.
Yes, it worth the investment, and also there is no alternative!