More Holes Beset SCADA Firms

Wednesday, October 12, 2011 @ 04:10 PM gHale


More vulnerabilities are hitting the industry as products from three companies are the subject of new alerts from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

One product with publicly released proof-of-concept (PoC) exploit code is Open Automation Software's OPC Systems.NET.


OPC Systems.NET is a supervisory control and data acquisition/human machine interface (SCADA/HMI) product, and the vulnerability is exploitable through a malformed .NET Remote Procedure Call (RPC) packet. The report went out without coordination with either the vendor or ICS-CERT.

ICS-CERT has not yet verified the vulnerability or the PoC code, but has reached out to the affected vendor to notify it, confirm the report, and identify mitigations. ICS-CERT issued the alert to provide early notice of the report and to identify baseline mitigations for reducing the risk from this and other cyber attacks.

The report includes vulnerability details and PoC exploit code for a single malformed-packet vulnerability. It is remotely exploitable and could lead to a denial of service.

OPC Systems.NET is a SCADA/HMI application used to monitor and control OLE for Process Control (OPC) systems and devices.

Meanwhile, there are four vulnerabilities with PoC exploit code affecting atvise webMI, a web-based SCADA/HMI product.

These vulnerabilities are remotely exploitable through the web server on port 80/TCP. Again, the report was released without coordination with either the vendor or ICS-CERT.

ICS-CERT has not yet verified the vulnerabilities or PoC code, but reached out to the affected vendor to notify, confirm, and identify mitigations.

All four vulnerabilities are remotely exploitable. They are a directory traversal, with an impact of data leakage; a NULL pointer dereference, which could lead to a denial of service; a software termination, which could lead to a denial of service; and a resource consumption flaw, which could also lead to a denial of service.

Atvise webMI is web-based SCADA management software used in the building automation, traffic control, and manufacturing industries.
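Because the directory traversal above is reachable over plain HTTP on port 80, a defender can look for it in the HMI's web server access log while waiting for a vendor fix. The following is an added example, not code from the ISSSource article, ICS-CERT or atvise: it scans constructed Common Log Format lines for request paths that climb out of the web root (including percent- and double-percent-encoded `..`), and shows the server-side path check that refuses such requests. The `/webmi/...` paths in the sample log are hypothetical and are not the product's real URL layout.

```python
"""Added example (not from the article or the vendor): detect directory
traversal attempts in web-server access logs and resolve request paths safely."""
import re
import urllib.parse
from typing import Dict, List, Optional
from pathlib import PurePosixPath

# Constructed sample access-log lines (Common Log Format). The request paths
# are hypothetical and do not reflect any real product's URL layout.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2011:16:10:01 +0000] "GET /webmi/index.html HTTP/1.1" 200 1234
10.0.0.9 - - [12/Oct/2011:16:10:02 +0000] "GET /webmi/../../../../etc/passwd HTTP/1.1" 200 1802
10.0.0.9 - - [12/Oct/2011:16:10:03 +0000] "GET /webmi/%2e%2e/%2e%2e/config/users.xml HTTP/1.1" 200 512
10.0.0.9 - - [12/Oct/2011:16:10:04 +0000] "GET /webmi/%252e%252e/%252e%252e/boot.ini HTTP/1.1" 404 0
10.0.0.7 - - [12/Oct/2011:16:10:05 +0000] "GET /webmi/trends/data.csv HTTP/1.1" 200 9001
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def normalize_path(raw: str, rounds: int = 3) -> str:
    """Strip the query string, percent-decode repeatedly (bounded, so a
    double-encoded '..' is still caught) and fold backslashes to slashes,
    since some servers accept '..\\' as a directory separator too."""
    path = raw.split('?', 1)[0]
    for _ in range(rounds):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace('\\', '/')


def escapes_root(path: str) -> bool:
    """True when the normalized path climbs above the web root at any point."""
    depth = 0
    for seg in normalize_path(path).split('/'):
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != '.':
            depth += 1
    return False


def find_traversal(log_text: str) -> List[Dict]:
    """Return one record per request whose path escapes the web root.
    A 200 response to such a request is treated as a probable leak."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_root(m['path']):
            hits.append({
                'ip': m['ip'],
                'path': m['path'],
                'status': int(m['status']),
                'leaked': m['status'] == '200',
            })
    return hits


def safe_resolve(web_root: str, request_path: str) -> Optional[str]:
    """Server-side counterpart: map a request path onto web_root segment by
    segment and refuse (return None) as soon as '..' would leave the root."""
    root = PurePosixPath(web_root)
    resolved = root
    for seg in normalize_path(request_path).split('/'):
        if not seg or seg == '.':
            continue
        if seg == '..':
            if resolved == root:
                return None
            resolved = resolved.parent
        else:
            resolved = resolved / seg
    return str(resolved)


if __name__ == '__main__':
    for hit in find_traversal(SAMPLE_LOG):
        flag = 'LEAK?' if hit['leaked'] else 'blocked'
        print(f"{hit['ip']} {hit['status']} {flag} {hit['path']}")
    print(safe_resolve('/var/www/webmi', '/trends/../index.html'))
    print(safe_resolve('/var/www/webmi', '/%2e%2e/%2e%2e/etc/passwd'))
```

The detector flags a request as soon as the decoded path dips below the root at any segment, not only at the end, so `/a/../../b/c` is caught even though its final depth is positive. The bounded decode loop matters: a single `unquote` misses `%252e%252e`, which a server that decodes twice would happily turn into `..`.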

One other company is suffering from a buffer overflow vulnerability with potential code execution affecting IRAI Automgen, a human-machine interface supervisory control and data acquisition (HMI/SCADA) product.

The vulnerability is exploitable by loading a malformed project file, so an attacker needs to get a user to open one. This report was also released without coordination with either the vendor or ICS-CERT.

ICS-CERT has not yet verified the vulnerability or the PoC code, but has reached out to the affected vendor to notify it, confirm the report, and identify mitigations.

The report includes vulnerability details and PoC exploit code for a potential buffer overflow that is locally exploitable, with an impact of possible code execution.

The PoC code is publicly available on the Internet. IRAI Automgen is an automation software package that contains an HMI for design and control of an automated process.

ICS-CERT is coordinating with the vendor and security researcher to identify useful mitigations.


