Open Automation Software Hole

Friday, December 11, 2015 @ 04:12 PM gHale

Open Automation Software reviewed the DLL Hijacking vulnerability in its OPC Systems.NET application and determined not to patch the issue at this time, according to a report on ICS-CERT.

This vulnerability, discovered by Ivan Sanchez from Nullcode Team, could be exploited remotely with social engineering.

OPC Systems.NET Version 8.00.0023 and previous versions suffer from the issue.

Exploitation of DLL Hijack vulnerabilities gives an attacker access to the system with the same privilege level as the application that utilizes the malicious DLL.

Open Automation Software is a U.S.-based company that has offices around the world.

The affected product, OPC Systems.NET, is a .NET product for supervisory control and data acquisition (SCADA) and human-machine interface (HMI) applications.

According to Open Automation Software, OPC Systems.NET is an HMI application deployed across several sectors including critical manufacturing, energy, and water and wastewater systems. Open Automation Software said these products see use throughout the world, primarily in the United States.

A successful exploit of this vulnerability requires the local user to install a crafted DLL on the victim machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
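Because the attack depends on a DLL being placed where the application will load it, and no patch is planned, one defensive check is to compare the DLLs in the install directory against a known-good baseline. The following is an added example, not code from Open Automation Software or ICS-CERT; the directory layout and file names are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(app_dir: Path) -> dict[str, str]:
    """Map each DLL's relative path (lower-cased, as Windows ignores case) to its SHA-256."""
    return {
        p.relative_to(app_dir).as_posix().lower(): sha256_of(p)
        for p in sorted(app_dir.rglob("*"))
        if p.is_file() and p.suffix.lower() == ".dll"
    }


def audit(app_dir: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Report DLLs that were added, changed, or removed since the baseline was taken."""
    current = snapshot(app_dir)
    shared = current.keys() & baseline.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(n for n in shared if current[n] != baseline[n]),
        "missing": sorted(set(baseline) - set(current)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a stand-in install directory, not real product files."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        (app / "Vendor.Core.dll").write_bytes(b"original core")
        (app / "Vendor.UI.dll").write_bytes(b"original ui")
        baseline = snapshot(app)  # taken right after a trusted install
        (app / "Vendor.UI.dll").write_bytes(b"replaced ui")  # changed after baseline
        (app / "helper.DLL").write_bytes(b"not in the baseline")  # new file
        return audit(app, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored outside the machine being audited and the application's real install directory passed to `audit`.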

CVE-2015-7917 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malformed DLL file.

No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. Social engineering would be required to convince the user to accept the malformed DLL file. Additional user interaction would have to occur to load the malformed file. This decreases the likelihood of a successful exploit.

Open Automation Software passed the researcher information to its support team to assist customers in the event that they encounter this vulnerability. Users who believe their Open Automation Software OPC Systems.NET could be in danger of compromise or not functioning correctly should email Open Automation Software.