Koyo Finalizes Firmware Fix

Monday, April 16, 2012 @ 02:04 PM gHale


Koyo produced updated firmware for its ECOM100 Ethernet module that resolves vulnerabilities in its Programmable Logic Controllers (PLCs), according to a report on ICS-CERT.

Successful exploitation of these vulnerabilities may allow an attacker to load modified firmware, or to perform other malicious activities on the system. These vulnerabilities first came to light during the SCADA Security Scientific Symposium (S4) when Digital Bond’s Reid Wightman released proof of concept code without coordination with either the vendor or ICS-CERT.

The following Koyo products suffer from the vulnerabilities:
DIRECTLOGIC DL205 SERIES PROGRAMMABLE LOGIC CONTROLLERS
• H2-ECOM (For DirectLogic DL205 Series Programmable Logic Controllers)
• H2-ECOM-F (For DirectLogic DL205 Series Programmable Logic Controllers)
• H2-ECOM100 (For DirectLogic DL205 Series Programmable Logic Controllers)

DIRECTLOGIC DL06 SERIES PROGRAMMABLE LOGIC CONTROLLERS
• H0-ECOM (For DirectLogic DL06 Series Programmable Logic Controllers)
• H0-ECOM100 (For DirectLogic DL06 Series Programmable Logic Controllers)

DIRECTLOGIC DL405 SERIES PROGRAMMABLE LOGIC CONTROLLERS
• H4-ECOM (For DirectLogic DL405 Series Programmable Logic Controllers)
• H4-ECOM-F (For DirectLogic DL405 Series Programmable Logic Controllers)
• H4-ECOM100 (For DirectLogic DL405 Series Programmable Logic Controllers)

Koyo is an international manufacturer of automation products and controllers including PLCs. AutomationDirect.com is a subsidiary of Koyo, and the exclusive distributor of Koyo programmable controllers for North America, South America, Australia, and Europe.
The Koyo ECOM100 Ethernet module communicates between a PLC and the control system.

Koyo addressed the following vulnerabilities:
BUFFER OVERFLOW
This vulnerability exists because long string input to parameters will cause a buffer overflow, which may allow execution of arbitrary code. CVE-2012-1805 is the number assigned to this vulnerability. Koyo said a patch available for the ECOM modules resolves the issue.

WEAK PASSWORD REQUIREMENTS
This vulnerability exists because the ECOM modules only allow use of up to an 8-byte password for authentication. A brute force tool for exploiting this vulnerability is available. CVE-2012-1806 is the number assigned to this vulnerability. The patch does not change the password length, but it implements a lockout mechanism to mitigate this risk.

WEB SERVER CROSS-SITE SCRIPTING
This vulnerability exists because the web server allows malicious cross-site scripts. CVE-2012-1807 is the number assigned to this vulnerability. Koyo said the patch available for the ECOM modules resolves this issue.

WEB SERVER REQUIRES NO AUTHENTICATION
This vulnerability exists because the web server in the ECOM modules does not require authentication to perform critical functions. CVE-2012-1808 is the number assigned to this vulnerability. Koyo said the web server within the ECOM modules is limited to module configuration parameters. Koyo did not add web server authentication to the module; however, the web server is now disabled by default. A configuration change can enable the web server.

UNCONTROLLED RESOURCE CONSUMPTION
This vulnerability exists because the ECOM web server does not properly restrict the size or amount of resources that are requested or influenced by an actor. This can lead to excessive resource consumption, affecting system performance. CVE-2012-1809 is the number assigned to this vulnerability. Koyo said the web server within the ECOM modules is limited to module configuration parameters. Koyo did not add resource management features to the module; however, they disabled the web server by default. A configuration change will enable the web server.

Automation Direct said the firmware for the ECOM family of Ethernet Products for the Koyo DirectLogic Series of PLCs has been updated to address these vulnerabilities.


