COPA-DATA Improper Input Validation

Tuesday, June 3, 2014 @ 05:06 PM gHale


Automation software company Ing. Punzenberger COPA-DATA GmbH created an update to mitigate an improper input validation vulnerability affecting the DNP3 driver in the zenon SCADA software, according to a report on ICS-CERT.

The vulnerability, discovered based on the DNP3 research conducted by Adam Crain of Automatak and Chris Sistrunk of Mandiant, could end up remotely exploited.

RELATED STORIES
Triangle MicroWorks Fixes DoS Hole
Cogent Fixes 3 DataHub Vulnerabilities
Siemens Updates ROS Vulnerability
Emerson Fixes DeltaV Vulnerabilities

The following COPA-DATA products suffer from the issue:
• zenon DNP3 NG driver (DNP3 master), Versions 7.10 SP0 up to and including 7.11 SP0 build 10238
• zenon DNP3 Process Gateway (DNP3 outstation), Versions 7.11 SP0 build 10238 and prior.

Exploiting this vulnerability could result in a denial-of-service (DoS) condition, which would close communication connections and cause system instability.

COPA-DATA is an Austrian-based company that maintains offices in several countries around the world, including the United States, Europe, and Asia.

The affected products, zenon HMI/SCADA, are Windows-based SCADA systems. According to COPA-DATA, the zenon DNP3_NG driver and the zenon DNP3 process gateway see use primarily in the energy and infrastructure industries, including water and waste-water treatment. These products see action mainly in the United States and Australia but also in other countries in North America, South America, Africa, Asia, Europe and the Middle-East.

As this vulnerability affects Internet Protocol (IP)-connected and Serial-connected devices, there are two CVSS scores.

The zenon DNP3 driver software incorrectly validates input. An attacker could cause the software to go into an infinite loop with a specifically crafted TCP packet, causing the process to crash. The system must end up restarted manually to clear the condition.

The following scoring is for IP-connected devices.

CVE- 2014-2345 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

The zenon DNP3 driver software incorrectly validates input. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must end up manually restarted to clear the condition.

The following scoring is for serial-connected devices.

CVE- 2014-2346 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.0.

The IP-based vulnerability is remotely exploitable.

The serial-based vulnerability is not exploitable remotely. An attacker would need local access to the serial-based outstation.

No known public exploits specifically target this vulnerability. An attacker with a moderate skill could craft an IP packet that would be able to exploit the vulnerability for an IP-based device.

An attacker with a high skill could exploit the serial-based vulnerability because physical access to the device or there would have to be some amount of social engineering.

Build 11206 for Version zenon 7.11 is available that contains updated versions of the affected products that resolve the discovered vulnerabilities. COPA-DATA recommends upgrading or updating the affected products to this version.

Click here to see Knowledge Base articles 179444 and 178001.

System integrators and asset owners should contact their local COPA-DATA representative for further information on how to obtain this update.



Leave a Reply

You must be logged in to post a comment.