IDS Creates New Module to Fix Hole

Friday, May 29, 2015 @ 02:05 PM gHale

IDS produced a new module that mitigates a directory traversal vulnerability in its RTU 850C, according to a report on ICS-CERT.

Independent researchers Benjamin Kahler and Sebastian Kraemer of HSASec discovered the remotely exploitable vulnerability.

The following IDS communications modules in the IDS 850 family suffer from the issue: NC854 and NC856.

An attacker could use this vulnerability to access credentials, which could then be used to escalate privileges.

IDS is a German-based company that maintains offices in six countries around the world, including Switzerland, Morocco, Iran, United Arab Emirates, Czech Republic, and Romania.

The affected products see use in several sectors including communications, energy, and water and wastewater systems.

Using this vulnerability, an attacker is able to access some files from the internal service interface of the communication module. One of the accessible files contains the credentials (passwords) to access the internal service interface via telnet.

CVE-2015-3939 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.5.

No known public exploits specifically target this vulnerability. An attacker with high skill would be able to exploit this vulnerability.

Users can protect the communication modules against the described vulnerability by disabling the internal web server, which they can do via the configuration settings.

The communication modules “NC854” and “NC856” were discontinued in 2009 and replaced by newer communication modules. Because both communication modules are past end of life, the company will not produce an update or patch.
