SCADA Directory Traversal Vulnerability

Wednesday, September 19, 2012 @ 11:09 AM gHale

There is a directory traversal vulnerability in Fultek’s WinTr Scada application, according to a report on ICS-CERT.

Fultek was unable to validate this vulnerability, discovered by researcher Daiki Fukumori of Cyber Defense Institute, and has not offered any mitigation plans. ICS-CERT did validate the remotely exploitable vulnerability.

The WinTr Scada product line, version 4.0.5 and earlier, suffers from the vulnerability. Successful exploitation of this vulnerability may result in information leakage.

Turkey-based Fultek’s WinTr Scada is a Web-based SCADA system.

The WinTr Web server does not sanitize user input, so by sending a specially crafted request to the Web server, an attacker may retrieve arbitrary files. CVE-2012-3011 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

According to MITRE, the best mitigation for this type of vulnerability is to properly sanitize user input. MITRE also recommended that when a third party controls the application and the user cannot fix the code, the user could deploy an application firewall to validate input and mitigate the vulnerability. Running the application in a sandbox environment may also limit the scope of a compromise.
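As an illustration of the input validation described above, the following added example (not code from Fultek, ICS-CERT or MITRE) maps a requested URL path to a file and rejects anything that would resolve outside the web root. The function names, the web root and the sample request paths are constructed assumptions.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the web root."""


def resolve_under_root(web_root: Path, request_path: str) -> Path:
    """Map a URL path to a file under web_root, or raise TraversalError."""
    # Decode percent-escapes once, as the server would before touching the disk.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators so Windows-style input is checked too.
    parts = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    # Reject parent references and drive letters outright instead of "cleaning" them.
    if any(s == ".." or ":" in s for s in parts):
        raise TraversalError("parent or drive reference in path")
    root = web_root.resolve()
    candidate = root.joinpath(*parts).resolve()
    # Containment check on the canonical path also catches symlink escapes.
    if candidate != root and root not in candidate.parents:
        raise TraversalError("resolved path escapes web root")
    return candidate


def check_requests(web_root: Path, paths):
    """Return {request path: True if it stays under web_root, False if rejected}."""
    results = {}
    for p in paths:
        try:
            resolve_under_root(web_root, p)
            results[p] = True
        except TraversalError:
            results[p] = False
    return results


if __name__ == "__main__":
    # Constructed sample requests; the temporary directory stands in for a web root.
    samples = ["/index.html", "/../secret.txt", "/..%2f..%2fsecret.txt",
               "/..\\..\\secret.txt", "/C:/secret.txt"]
    with tempfile.TemporaryDirectory() as d:
        for path, ok in check_requests(Path(d), samples).items():
            print("allow " if ok else "reject", path)
```

The same allow/reject logic is what an application firewall rule in front of an unpatched server would need to enforce, applied to the request path after decoding.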


