Elecsys Patches Vulnerability

Wednesday, December 4, 2013 @ 11:12 AM gHale

Elecsys created a patch that mitigates an improper input validation in its Director Gateway application, according to a report on ICS-CERT.

Independent researcher Adam Todorski, who discovered the vulnerability with Adam Crain of Automatak and independent researcher Chris Sistrunk, tested the patch to validate it resolves the remotely exploitable vulnerability.

TRi Fixes Vulnerability
Catapult Software DNP3 Driver Bug
GE Proficy DNP3 Improper Input Validation
Nordex NC2 XSS Vulnerability

Elecsys Director DNP3 Outstation, kernel Version and all previous versions suffer from the issue.

Successful exploitation of this vulnerability could allow an attacker to affect the availability of the DNP3 master slave communication in Elecsys Director Gateway devices.

Elecsys is a U.S.-based company that provides machine-to-machine communication technology solutions, custom electronic equipment, and displays for critical industrial applications worldwide. Its primary markets include energy production and distribution, agriculture, transportation, safety and security systems, water management, aerospace, and military.

The affected products, the Director Industrial Communication Gateway, are industrial data communications devices. Director Gateway products see use across several sectors including the energy sector. Elecsys said these products are primarily in the United States and Europe with a small percentage in Asia.

The DNP3 service in Elecsys Director Gateway does not validate or incorrectly validates input. Successful exploitation of this vulnerability disables communications and induces high system load for a short period of time.

CVE-2013-2825 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

While no known public exploits specifically target this bug, an attacker with a medium skill would be able to exploit this vulnerability.

Users can obtain this patch by contacting Elecsys customer service at 913-647-0158 or email Elecsys.

Because this vulnerability is identifiable with fuzzing tools, the researchers suggest developers use extensive negative testing during quality control of products. The researchers also suggest blocking DNP3 traffic from traversing onto business or corporate networks through the use of an IPS or firewall with DNP3-specific rule sets.

Leave a Reply

You must be logged in to post a comment.