Hike in Public Release of SCADA Holes

Tuesday, November 29, 2011 @ 06:11 PM gHale


Public release of vulnerabilities before a vendor or ICS-CERT has a handle on the situation seems to be becoming a trend of late.

There are two more vulnerabilities that fall into that category. One is a report of denial-of-service vulnerabilities with proof-of-concept (PoC) exploit code affecting Optima APIFTP Server, part of a suite of supervisory control and data acquisition (SCADA) and human-machine interface (HMI) products.

The second is a report of a use-after-free vulnerability with PoC exploit code affecting MICROSYS, spol. s r.o. PROMOTIC, a SCADA and HMI product.

The Optima report said these vulnerabilities are exploitable by sending specially crafted packets to the server on Port 10260/UDP. Luigi Auriemma released this report without coordination with ICS-CERT or the vendor.

ICS-CERT has coordinated the report with Optima, which is working to confirm the report and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The null pointer dereference and endless loop vulnerabilities are remotely exploitable and could lead to a denial of service, with possible remote code execution.
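As an added illustration (not part of the ICS-CERT alert or the original story), a small defensive check a control-network operator could run over flow logs: it flags UDP datagrams aimed at the APIFTP port from outside the control subnet, which is the path the crafted-packet attack described above would have to take to reach the server. The subnet, the log format and the sample records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed: the Optima APIFTP servers sit on the control-network subnet below.
# Replace with your own address ranges; these values are constructed for the example.
CONTROL_NET = ipaddress.ip_network("10.10.0.0/16")
APIFTP_PORT = 10260  # UDP port named in the ICS-CERT alert

# Constructed sample flow records (format: proto src:port -> dst:port bytes).
SAMPLE_FLOWS = """\
udp 10.10.5.21:51234 -> 10.10.1.10:10260 120
udp 192.0.2.77:40000 -> 10.10.1.10:10260 3000
udp 192.0.2.77:40001 -> 10.10.1.10:10260 3000
tcp 198.51.100.9:44122 -> 10.10.1.10:10260 200
udp 10.10.5.22:51235 -> 10.10.1.11:10260 118
""".splitlines()


def parse_flow(line):
    """Parse one constructed flow record into a dict, or return None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    proto, src, _, dst, size = parts
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"proto": proto,
            "src_ip": ipaddress.ip_address(src_ip),
            "dst_ip": ipaddress.ip_address(dst_ip),
            "dst_port": int(dst_port),
            "bytes": int(size)}


def find_external_apiftp_traffic(lines):
    """Count external source IPs sending UDP to the APIFTP port on a control-network
    host. Sources inside the control subnet are expected traffic and are ignored."""
    hits = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "udp" or flow["dst_port"] != APIFTP_PORT:
            continue
        if flow["dst_ip"] in CONTROL_NET and flow["src_ip"] not in CONTROL_NET:
            hits[str(flow["src_ip"])] += 1
    return hits


if __name__ == "__main__":
    for src, count in find_external_apiftp_traffic(SAMPLE_FLOWS).items():
        print(f"ALERT: {src} sent {count} UDP datagram(s) to port {APIFTP_PORT} "
              "from outside the control network")
```

Running it on the constructed records reports only 192.0.2.77; the TCP record to the same port is not counted because the alert concerns UDP.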

Meanwhile, ICS-CERT is dealing with a report from Auriemma that describes a use-after-free vulnerability, with PoC exploit code, affecting MICROSYS, spol. s r.o. PROMOTIC. According to the report, the vulnerability is exploitable when the program loads a specially crafted project file. This report was also released without coordination with ICS-CERT or the vendor.

ICS-CERT has coordinated the report with the vendor, which is working to confirm the report and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The vulnerability is a use-after-free that is locally exploitable and could lead to arbitrary code execution. ICS-CERT is currently coordinating with the vendor, the security researcher, and CSIRT.CZ to identify mitigations.

ICS-CERT is reaching out to Microsys and the Computer Security Incident Response Team (CSIRT.CZ) to notify them of this vulnerability and assist them with mitigation.

MICROSYS, spol. s r.o. is a Czech company with headquarters in Ostrava. Promotic is SCADA HMI software that includes support for a web interface and works with Microsoft Windows.
