Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512 | PUBLISHED: 2021-01-22 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513 | PUBLISHED: 2021-01-22 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514 | PUBLISHED: 2021-01-22 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525 | PUBLISHED: 2021-01-22 | M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511 | PUBLISHED: 2021-01-22 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
2/24/2013 | 3:16:34 AM
Mid-America, cattle country - you've got a law enforcement drone following a suspect over hill and dale in an area that human officers can't easily get to, out in the middle of a pasture. And you've got a cattle rancher that's had issues with predators attacking his herd in the past, so he or she is on horseback, armed with a shotgun, just in case. Drone pilot loses the suspect and starts a standard, circular search pattern - ends up flying over and seriously disturbing the herd of cattle. Cattle stampede ensues. Rancher doesn't know what's causing the problem, but sees that their herd is "being chased" by a slow moving drone. Shotgun gets trained, trigger pulled, splash one drone.
Now, how does THAT situation get resolved?
Are we going to treat law enforcement drones in the same manner that we do K9 officers or in the same manner as police cruisers? Shooting a K9 officer, in most jurisdictions, is equivalent to shooting a human officer - whereas destroying a police cruiser is a matter of destroying public property.
Who owns and gets final disposition of the footage and sensor information collected by the drones? Does it all get cataloged, put on a shelf and made available to the public? Is it made available to researchers, in this instance, who are looking at cattle herding procedures, soil erosion or other geological/geographical research?
If law enforcement is using a drone for surveillance, how and when does the search warrant get served? I'm sure there are ways around that little annoyance though.
What kind of license is going to be required to fly a drone? Or is it a free-for-all? What about the amount of available spectrum for controlling these drones? What happens when a cargo freighter the size of a 747 gets hijacked from the ground? If the military can't keep up with where their RQ-170s are going, how are we supposed to expect commercial or civil operators to keep up with where their drones are going?
And with 30,000 drones over the next decade expected to go operational, how are we supposed to know "the good guys" from "the bad guys"?
Somebody, preferably outside of Washington, needs to put a LOT of thought into this before turning the spigot wide open.
Andrew Hornback
InformationWeek Contributor