RLE HMI Vulnerability

Monday, June 15, 2015 @ 02:06 PM gHale

There is an insecure credential vulnerability in the RLE International GmbH Nova-Wind Turbine HMI, according to a report on ICS-CERT.

RLE has been unresponsive in validating or addressing the vulnerability, discovered by independent researcher Maxim Rupp. As a result, ICS-CERT released an advisory to warn critical asset owners about, and protect them from, this remotely exploitable vulnerability.

Nova-Wind Turbine HMI suffers from the issue.

Plaintext credentials could be used to gain unauthenticated access to the device. This means a malicious party could perform any action on the device, including modifying configurations and settings.

RLE International GmbH is a Germany-based company that maintains offices in several countries around the world, including the U.S., UK, Sweden, and India.

The affected product, Nova-Wind Turbine HMI, is a human-machine interface (HMI) for a wind turbine. This product sees use in the energy sector.

The Nova-Wind Turbine HMI stores credentials in a plaintext file. This could allow a malicious user to access the device and make changes to the configuration without authentication.
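As an added illustration (not code from RLE, ICS-CERT or the original article), the sketch below shows the usual alternative to a plaintext credential file: the store holds only a salted PBKDF2 hash, is written with owner-only permissions, and logins are checked with a constant-time comparison. The file name, user name, sample password and iteration count are assumptions made for the example.

```python
import hashlib, hmac, json, os, secrets, tempfile

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

def derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_record(password: str) -> dict:
    """Build a record holding salt + hash; the password itself is never stored."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "iter": ITERATIONS,
            "hash": derive(password, salt, ITERATIONS).hex()}

def save_store(path: str, users: dict) -> None:
    """Create the store with mode 0600 so only the owning account can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(users, fh)

def verify(path: str, user: str, password: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    with open(path) as fh:
        rec = json.load(fh).get(user)
    if rec is None:
        return False
    candidate = derive(password, bytes.fromhex(rec["salt"]), rec["iter"])
    return hmac.compare_digest(candidate, bytes.fromhex(rec["hash"]))

def demo() -> dict:
    """Round trip with constructed sample values (hypothetical user and password)."""
    sample_pw = "constructed-sample-pw"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "users.json")  # hypothetical store location
        save_store(path, {"operator": make_record(sample_pw)})
        with open(path) as fh:
            raw = fh.read()
        return {
            "plaintext_on_disk": sample_pw in raw,
            "good_login": verify(path, "operator", sample_pw),
            "bad_login": verify(path, "operator", "wrong-guess"),
            "mode": os.stat(path).st_mode & 0o777,
        }

if __name__ == "__main__":
    print(demo())
```

With a store like this, reading the file no longer yields a usable login; an attacker would have to brute-force each salted hash instead.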

CVE-2015-3951 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.

ICS-CERT has attempted on multiple occasions to contact the vendor regarding this serious flaw. Insecure credential vulnerabilities create a serious risk to asset owners.