Report: Holes Not Vulnerabilities After All

Wednesday, March 6, 2013 @ 04:03 PM gHale


Two Schneider Electric vulnerabilities found and released to the public before testing their viability, were determined to not be valid by the vendor, according to a report on ICS-CERT.

The first report was a resource exhaustion issue affecting the M340 PLC family caused by documented resource limits in the communications module. In Schneider Electric’s testing on the reported issue, the module does in fact stop communicating when the connection limit ends up exceeded, but the PLC continues its control functions and its operation remains unaffected, according to the report.

RELATED STORIES
Schneider Faces Product Bugs
Mitigation for Enterprise Buildings Integrator
Third Party Bug Fixed for Wonderware
Fix Ready for Gateway Server

After the connection limit ends up exceeded, the communications module performs a soft reset. An attacker could not remotely exploit this vulnerability to deny PLC control functions.

The second report was with the Magelis XBT HMI panels that have a security mode where the user must engage a password to enable remote configuration uploads.

After this mode initially ends up enabled, it provides a factory default password. Once the user supplies a new password, the factory default password is no longer valid.

ICS-CERT is aware of a public report concerning multiple vulnerabilities in multiple Schneider Electric Products. Arthur Gervais released these vulnerabilities at the Digital Bond SCADA Security Scientific Symposium (S4) conference. Gervais was not immediately available for comment.

The Modicon M340 TCP connection resource exhaustion and Magelis XBT HMI 6001/TCP hard coded credentials vulnerabilities were determined not to be vulnerabilities, according to the ICS-CERT report.

There are still two other remotely exploitable vulnerabilities still under investigation:
• The BMX NOE 0110 product has an unauthenticated SOAP/HTTP interface vulnerability, which could lead to remote code execution.
• Modicon M340 Cross Site Request Forgery that allows unauthorized access.

ICS-CERT is coordinating with the vendor and security researcher to identify mitigations.



Leave a Reply

You must be logged in to post a comment.