One patched, one to go
The US industrial control system computer emergency response team (ICS-CERT) has warned of twin flaws in substation control software. The SICAM Power Automation System contains poorly protected credentials (CVE-2016-5848) and information exposure (CVE-2016-5849) found by Russian researchers Ilya Karpov and Dmitry Sklyarov of Positive Technologies. The CERT warns lowly hackers could exploit the holes but only with pre-existing local access, greatly limiting the exposure. "An authenticated local u...