Kepware Mitigates Vulnerability

Wednesday, February 25, 2015 @ 02:02 PM gHale

Kepware Technologies created a new version that mitigates a resource exhaustion vulnerability in the DNP Master Driver for the KEPServerEX Communications Platform, according to a report on ICS-CERT.

Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform Versions 5.16.728.0 and earlier suffer from the remotely exploitable vulnerability, discovered by Adam Crain of Automatak and Chris Sistrunk of Mandiant.


An attacker who exploits this response processing vulnerability may be able to crash the OPC Server application software running on the target system.

Kepware Technologies is a Portland, ME-based company. The KEPServerEX Communications Platform sees use as industry and third-party connectivity software for automation in OPC and embedded device communications.

The affected product is Microsoft Windows-based software that facilitates connectivity to multiple DNP3-compliant devices such as HMIs, RTUs, PLCs and meters.

According to Kepware Technologies, the KEPServerEX sees action globally in over 100 countries, across several sectors including chemical, commercial facilities, critical manufacturing, energy, food and agriculture, information technology, and water and wastewater systems.

A vague interpretation of the DNP3 protocol may allow a specially crafted response to create large numbers of entries in the master in some implementations. This is not a universal problem for all DNP3 users, vendors, or integrators, but it may occur.

CVE-2014-5425 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

No known public exploits specifically target this vulnerability. An attacker with moderate skill would be able to exploit this vulnerability.

Remote devices should not return a variation of 0 to a master, and a master that encounters a zero length message from a remote should stop processing that message.
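One way a master could apply the check described above, as an added example that is not Kepware's code or text from the DNP3 application note. It assumes the payload is the object-header portion of a response (application control, function code and IIN already stripped) and handles only start-stop qualifiers 0x00 and 0x01 and three fixed-size object types; all names and sample bytes are constructed for illustration.

```python
import struct

# Octets per object for a few fixed-size types (illustrative subset).
OBJECT_SIZE = {(1, 2): 1, (30, 1): 5, (30, 2): 3}
# Start-stop qualifiers: 0x00 = 1-octet indexes, 0x01 = 2-octet indexes.
RANGE_FMT = {0x00: "<BB", 0x01: "<HH"}

# Constructed samples: valid g30v2 for indexes 0..1, a variation-0 header,
# and a g30v2 header whose range claims more objects than the data holds.
GOOD = bytes([30, 2, 0x00, 0, 1, 0x01, 0x10, 0x00, 0x01, 0x20, 0x00])
VAR0 = bytes([30, 0, 0x00, 0, 9])
SHORT = bytes([30, 2, 0x00, 0, 9, 0x01, 0x10, 0x00])


class RejectedResponse(ValueError):
    """The response must not be processed any further."""


def parse_response_objects(payload):
    """Return (group, variation, start, stop, data) per header, or raise."""
    points, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 3:
            raise RejectedResponse("truncated object header")
        group, variation, qualifier = payload[offset:offset + 3]
        offset += 3
        if variation == 0:
            # Variation 0 carries no data: never expand its range into entries.
            raise RejectedResponse(f"g{group}v0 in response")
        fmt = RANGE_FMT.get(qualifier)
        size = OBJECT_SIZE.get((group, variation))
        if fmt is None or size is None:
            raise RejectedResponse("unsupported qualifier or object type")
        if len(payload) - offset < struct.calcsize(fmt):
            raise RejectedResponse("truncated range field")
        start, stop = struct.unpack_from(fmt, payload, offset)
        offset += struct.calcsize(fmt)
        if stop < start:
            raise RejectedResponse("stop index below start index")
        need = (stop - start + 1) * size
        if len(payload) - offset < need:
            # Entries are created only for objects actually present.
            raise RejectedResponse("range exceeds data present")
        points.append((group, variation, start, stop,
                       payload[offset:offset + need]))
        offset += need
    return points
```

The length check runs before any entry is stored, so the number of entries a response can create is bounded by the bytes it actually carries.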

DNP3 Application Note AN2013-004b Validation of Incoming DNP3 Data, published August 13, 2014, addresses this issue.

Kepware Technologies created a new version of the software, V5.17.495.0, which resolves the vulnerability. Information about the new version is available at the Kepware support site to registered users.

Users can call Kepware Technical Support at 207-775-1660 or 888-537-9273, Ext 211. Hours of operation are 8 a.m. to 5 p.m. U.S. Eastern Time, Monday to Friday. You can also email Kepware Technical Support.
