Eaton Fixes ELCSoft Vulnerabilities

Friday, July 1, 2016 @ 03:07 PM gHale


Eaton released a revision to mitigate heap-based memory corruption and stack buffer overflow vulnerabilities in its ELCSoft programming software, according to a report on ICS-CERT.

ELCSoft Version 2.4.01 and earlier suffer from the remotely exploitable vulnerabilities, discovered by Ariele Calgaviano working with Zero Day Initiative.

An attacker may be able to exploit these vulnerabilities to execute arbitrary code on the target system.

Eaton is a U.S.-based company that maintains offices worldwide. ELCSoft programming software configures all Eaton ELC programmable logic controllers deployed by power grid operators to apply protection and communications support for overcurrent devices such as reclosers and circuit breakers.

The product is used primarily in the energy sector, and Eaton estimates it is deployed worldwide.

The ELC controllers themselves do not exhibit this vulnerability. The PCs used to configure the logic in the ELC do, when running the ELCSoft editor.

A proof-of-concept file can be run once page heap is turned on for elcsoft.exe.

CVE-2016-4509 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.0.

In addition, the ELCSimulator copies the input network packet into a fixed size stack buffer without checking if it will fit.

CVE-2016-4512 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
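The unchecked-copy pattern described for the ELCSimulator, next to a length-checked version, as an added C example that is not Eaton's code. The buffer size, function names and status codes are assumptions, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF_SIZE 256 /* assumed size; the page does not state the real one */

enum frame_status { FRAME_OK = 0, FRAME_EMPTY = -1, FRAME_TOO_LARGE = -2 };

/* Unchecked pattern, for contrast: the length comes from the network and the
 * destination is a fixed-size stack array, so pkt_len > FRAME_BUF_SIZE
 * writes past frame[] into adjacent stack memory. */
int handle_frame_unchecked(const unsigned char *pkt, size_t pkt_len)
{
    unsigned char frame[FRAME_BUF_SIZE];
    int sum = 0;
    memcpy(frame, pkt, pkt_len); /* no bound on pkt_len */
    for (size_t i = 0; i < pkt_len; i++)
        sum += frame[i];
    return sum;
}

/* Checked version: reject (do not truncate) anything that does not fit,
 * and report why, so the caller can log and drop the packet. */
int handle_frame_checked(const unsigned char *pkt, size_t pkt_len, unsigned *sum_out)
{
    unsigned char frame[FRAME_BUF_SIZE];
    unsigned sum = 0;
    if (pkt == NULL || pkt_len == 0)
        return FRAME_EMPTY;
    if (pkt_len > sizeof frame)
        return FRAME_TOO_LARGE;
    memcpy(frame, pkt, pkt_len);
    for (size_t i = 0; i < pkt_len; i++)
        sum += frame[i];
    if (sum_out != NULL)
        *sum_out = sum;
    return FRAME_OK;
}

int main(void)
{
    unsigned char ok_pkt[4] = {1, 2, 3, 4};     /* constructed sample */
    unsigned char big_pkt[FRAME_BUF_SIZE + 64]; /* constructed oversized sample */
    unsigned sum = 0;
    memset(big_pkt, 0x41, sizeof big_pkt);
    printf("small: %d\n", handle_frame_checked(ok_pkt, sizeof ok_pkt, &sum));
    printf("oversized: %d\n", handle_frame_checked(big_pkt, sizeof big_pkt, &sum));
    return 0;
}
```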

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit them.

Eaton has released a revision that mitigates these vulnerabilities; it is available for download.

Eaton said the current firmware needs to be uninstalled prior to loading the update.