IniNet Solutions Fixes SCADA Holes

Wednesday, October 21, 2015 @ 12:10 PM gHale


IniNet Solutions GmbH created a new version that mitigates three vulnerabilities in its SCADA Web Server, according to a report on ICS-CERT.

Kirill Nesterov and Aleksandr Timorin of Positive Technologies discovered the remotely exploitable vulnerabilities.


Versions of IniNet Solutions GmbH’s SCADA Web Server prior to Version 2.02 suffer from the issues.

IniNet Solutions GmbH’s SCADA Web Server is third-party software used in industrial control system devices. ICS-CERT is working with vendors to identify affected products that incorporate vulnerable versions of SCADA Web Server.

The IniNet Solutions’ SCADA Web Server is compatible with, and used with, the following Beckhoff products:
• Beckhoff Embedded PC, series CX1010
• Beckhoff Embedded PC, series CX1020
• Beckhoff Embedded PC, series CX1030
• Beckhoff Embedded PC, series CX2000
• Beckhoff Embedded PC, series CX5100
• Beckhoff Embedded PC, series CX5000

Successful exploitation of the vulnerabilities in SCADA Web Server could allow an attacker to manipulate and delete files, execute arbitrary code, and initiate a denial of service condition.

IniNet Solutions GmbH is a Switzerland-based company.

SCADA Web Server is deployed across several industries, including building automation, according to IniNet Solutions. The product is used primarily in Europe.

Multiple HTTP request fields are parsed by a function that does not check the destination buffer size, which could allow an attacker to overflow the buffer, leading to remote code execution or a denial-of-service condition.

CVE-2015-1001 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In addition, security features can be evaded when input is URL encoded, which could allow unauthorized file manipulation and deletion.

CVE-2015-1002 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

Also, external input is used to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an attacker to read arbitrary OS files.

CVE-2015-1003 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
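As an added illustration (not code from IniNet Solutions or the ICS-CERT advisory), the C example below shows the defensive pattern that addresses all three weakness classes described above: every write into the destination buffer is bounds-checked, the path is URL-decoded before any security check runs, and path segments are validated on the decoded form. The function names, the `PATH_MAX_LEN` limit and the rejection policy are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define PATH_MAX_LEN 256 /* assumed request-path limit for this example */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst, writing at most dstlen bytes (terminator included).
   Returns -1 if it would not fit, an escape is malformed, or a byte decodes to NUL. */
int url_decode(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            if (c == 0) return -1;
            i += 2;
        }
        if (o + 1 >= dstlen) return -1; /* bound check before every write */
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Returns 1 if acceptable, 0 if not. Checks run on the decoded path, so
   "%2e%2e%2f" is treated like "../". A leftover '%' (double encoding) is refused. */
int is_safe_request_path(const char *raw) {
    char path[PATH_MAX_LEN];
    if (url_decode(raw, path, sizeof path) != 0) return 0;
    if (path[0] != '/' || strchr(path, '\\') || strchr(path, '%')) return 0;
    for (const char *seg = path + 1;; seg += strcspn(seg, "/") + 1) {
        size_t n = strcspn(seg, "/");
        if (n == 2 && seg[0] == '.' && seg[1] == '.') return 0; /* ".." segment */
        if (seg[n] == '\0') return 1;
    }
}

/* Exits 0 because the encoded traversal is refused. */
int main(void) { return is_safe_request_path("/%2e%2e/secret") ? 1 : 0; }
```

On a real server the decoded path should also be resolved and confirmed to lie under the document root before it is opened, since a segment check alone does not account for symbolic links.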

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

IniNet Solutions produced a new version of SCADA Web Server, Version 2.02, that mitigates the identified vulnerabilities. The new version can be obtained by contacting IniNet Solutions.

Users of an identified Beckhoff product should determine if they are using a vulnerable version of SCADA Web Server. Asset owners using a vulnerable version of SCADA Web Server should contact their supplier or IniNet Solutions to obtain a new version of SCADA Web Server. Beckhoff said IniNet Solutions products are not Beckhoff products. SCADA Web Server is application software by a third-party vendor, developed and sold independently of Beckhoff. Beckhoff said its (standard) products are not affected.


