Certec Patches Vulnerabilities

Monday, April 16, 2012 @ 03:04 PM gHale


Certec created a fix that resolves vulnerabilities in its webMI2ADS application, which suffered from issues that could cause a denial of service (DoS) or could lead to data leakage, according to a report on ICS-CERT.

Independent researcher Luigi Auriemma disclosed these vulnerabilities and released proof-of-concept code without coordination with ICS-CERT, the vendor, or any other coordinating entity.

All versions of webMI2ADS prior to version 2.0.2 suffer from these issues.

Certec EDV GmbH is an Austria-based company with regional partners in Germany, Switzerland, Italy, and Israel. Certec webMI2ADS is the server component of a browser-based HMI system. webMI2ADS sees primary use in factory and building automation.

DIRECTORY TRAVERSAL
The web server in webMI does not implement sufficient measures to prevent reading files from an unauthorized directory. An attacker could exploit this vulnerability by sending a specially crafted request to the web server on Port 80/TCP. A successful attack may result in data leakage. CVE-2011-4880 is the number assigned to this vulnerability. The vulnerability earned a CVSS V2 base score of 5.0.
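
As an added illustration (not Certec's code and not taken from the ICS-CERT report), this is the kind of request-path check whose absence lets a web server read files outside its document root. The function name, the document root and the sample requests are constructed for the example; the check is purely lexical and assumes a Windows-style server that accepts both path separators.

```python
from urllib.parse import unquote


def resolve_request_path(doc_root, raw_target):
    """Map an HTTP request target to a path under doc_root, or return None.

    Lexical only: it never touches the filesystem, so links inside
    doc_root would still need a separate canonical-path check.
    """
    # Drop the query string and fragment before looking at the path.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    # Strict policy: after one decoding pass, a remaining '%' means a second
    # encoding layer; a NUL byte can truncate the name in native file APIs.
    if "%" in decoded or "\x00" in decoded:
        return None
    # Windows file APIs accept '\' and '/', so treat them identically.
    decoded = decoded.replace("\\", "/")
    # Require an absolute URL path and refuse drive letters or stream names.
    if not decoded.startswith("/") or ":" in decoded:
        return None
    safe = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not safe:
                return None  # would climb above doc_root
            safe.pop()
        elif segment.strip(". ") == "":
            return None  # "...", ".. " and similar: Windows trims dots/spaces
        else:
            safe.append(segment)
    return doc_root.rstrip("/") + "/" + "/".join(safe)


if __name__ == "__main__":
    root = "C:/srv/www"  # constructed document root
    for target in ("/index.html", "/a/../b.js?x=1", "/../boot.ini",
                   "/..%5c..%5cboot.ini", "/%252e%252e/x"):
        print(f"{target!r:28} -> {resolve_request_path(root, target)}")
```
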

NULL POINTER
The web server in webMI does not implement checks on a return value from a function. An attacker could exploit this vulnerability by sending a specially crafted request to the web server on Port 80/TCP. A successful attack would result in a DoS condition. CVE-2011-4881 is the number assigned to this vulnerability. This earned a CVSS V2 base score of 5.0.

TERMINATION OF THE SOFTWARE
An attacker could use a non-authenticated command via the web interface on Port 80/TCP to shut down the application. A successful attack would result in a DoS condition. CVE-2011-4882 is the number assigned to this vulnerability. It also earned a CVSS V2 base score of 5.0.

RESOURCES CONSUMPTION
The web server in webMI does not implement checks for invalid values in an HTTP request. An attacker could exploit this vulnerability by sending a specially crafted request to the web server on Port 80/TCP. A successful attack would result in a DoS condition. CVE-2011-4883 is the number assigned to this vulnerability. It earned a CVSS V2 base score of 5.0.

These vulnerabilities are remotely exploitable, and public exploits are available. An attacker with a low skill level may cause a DoS condition or access sensitive data.

Certec released version 2.0.2 of webMI2ADS, which fixes these vulnerabilities. Users will need to register in order to download the new product.

Certec recommends owners of vulnerable versions of the webMI2ADS product download and install the updated version as soon as possible.


