Optimalog Closes Optima PLC Hole

Thursday, September 27, 2012 @ 06:09 PM gHale


Optimalog released a new version of its Optima PLC application to mitigate a NULL Pointer Dereference and an Infinite Loop vulnerabilities that have a released proof-of-concept exploit code, according to a report on ICS-CERT.

Independent researcher Luigi Auriemma released the vulnerability without coordination with ICS-CERT, the vendor, or any other coordinating entity.

RELATED STORIES
Siemens has Fix for CA Vulnerability
ORing SCADA Line Vulnerability
SCADA Directory Traversal Vulnerability
Partial Fix on OPC Server Holes

The component APIFTP no longer has a default installation with Optima PLC, the user must check a specific option. A security warning displays at the first performance of APIFTP to inform the user about opening a TCP port and asking the user to validate APIFTP use.

Optima PLC 1.5.2 and prior suffer from the issue. Attacks that target this remotely exploitable vulnerability are publicly available.

Successful exploitation of these vulnerabilities may result in a denial of service (DoS).

Optimalog is a France-based company and Optima PLC, is a software-based PLC system, which mainly sees use in Europe.

By sending a specially crafted packet to a specific port, Optima PLC’s component APIFTP will dereference a NULL Pointer when using path names that are long. This will result in termination of the server. CVE-2012-5048 is the number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

In addition, by sending a specially crafted packet to a specific port, Optima PLC’s component APIFTP does not correctly handle incomplete packets. This will result in an infinite loop that will cause CPU consumption and may result in a denial of service (DoS). CVE-2012-5049 is the number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

Optimalog’s recommendation to all users that plan to use APIFTP Server is to configure their firewall and VPN accordingly and set the program to run at startup of the station. If a user does not plan to use APIFTP server, then disable its execution.



Leave a Reply

You must be logged in to post a comment.