SCADA Engine Fixes OPC Server Holes

Wednesday, March 11, 2015 @ 02:03 PM gHale


SCADA Engine created a new software version that mitigates three vulnerabilities in its BACnet OPC Server application, according to a report on ICS-CERT.

Independent researcher Josep Pi Rodriguez, who discovered the vulnerabilities, tested the new software version to validate that it resolves all three remotely exploitable vulnerabilities.


BACnet OPC Server versions up to and including 2.1.359.22 are affected.

The Simple Object Access Protocol (SOAP) web interface in the product's Windows Service is the common entry point for all three vulnerabilities, and each of them can lead to arbitrary code execution.

SCADA Engine is a company based in Thailand.

The affected product, BACnet OPC Server, provides data access, alarms and events, and historical data access between OPC clients and BACnet-compliant devices.

The American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) developed the BACnet protocol. According to SCADA Engine, BACnet OPC Server is used mainly in building automation and control systems, and the product is deployed globally.

By sending a specially crafted packet to the BACnet OPC Server, it is possible to trigger a heap corruption. This could allow an attacker to crash the service or to execute arbitrary code.

CVE-2015-0979 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.3.

The BACnet OPC Server contains a format string vulnerability. Sending a specially crafted request to BACnOPCSever.exe could crash the service, and could allow an attacker to execute arbitrary code.

CVE-2015-0980 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.
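The advisory does not say where in the SOAP handler the untrusted text reaches a formatting routine, so the C snippet below is an added illustration of the general bug class behind CVE-2015-0980 and of its fix; it is not SCADA Engine's code, and the function names and the sample request are constructed for the example. The vulnerable pattern passes caller-supplied text as the format argument; the hardened form keeps the format constant and passes the text as a plain argument. A small directive counter shows the check a request handler can run on fields that should never carry printf syntax.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (kept as a comment only; never compile this in):
 *
 *     void log_request(const char *req) {
 *         char line[256];
 *         snprintf(line, sizeof line, req);   // req IS the format string
 *     }
 *
 * Every '%' directive inside req is interpreted by snprintf, so a request
 * containing them reads (and with %n writes) memory the caller never meant
 * to expose. That is the bug class the advisory describes.
 */

/* Hardened form: the format string is a constant and the untrusted text is
 * passed as an argument, so its bytes are copied literally. Returns the
 * number of characters written (excluding the NUL), or -1 if the line did
 * not fit in the buffer. */
int log_request_safe(char *line, size_t linesz, const char *req)
{
    int n = snprintf(line, linesz, "request: %s", req);
    if (n < 0 || (size_t)n >= linesz)
        return -1;
    return n;
}

/* Defensive check: count conversion directives ("%" followed by anything
 * other than a second "%"). A non-zero count in a field that should never
 * contain printf syntax is worth logging and rejecting. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char line[64];
    const char *crafted = "%x %x %n";   /* constructed sample input */

    log_request_safe(line, sizeof line, crafted);
    printf("logged literally: \"%s\" (%d directives in input)\n",
           line, count_format_directives(crafted));
    return 0;
}
```

Compiling with `-Wformat-security` (GCC and Clang) flags the vulnerable pattern at build time, which is the cheapest place to catch this class.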

SCADA Engine BACnet OPC Server also has a vulnerability that allows an attacker to insert, read, or delete any items in the database.

CVE-2015-0981 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.

No known public exploits specifically target these vulnerabilities. An attacker with a low skill level could exploit them.

SCADA Engine has released a new software version that mitigates the issues; the latest version is available for download from the company.

The new version removes the SOAP web interface from the Windows Service and replaces it with a proprietary communications protocol. In addition, requests from other computers are now blocked, so the service can no longer be attacked from a remote machine.
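The advisory does not spell out how the service enforces the "requests from other computers are blocked" rule, so the C snippet below is an added illustration of the check an accept loop would make, not SCADA Engine's implementation. It assumes a POSIX sockets build (the product itself is a Windows service), and the function names and the peer addresses are constructed for the example. The check treats IPv4 127.0.0.0/8, IPv6 ::1 and IPv4-mapped ::ffff:127.x.x.x as local and fails closed on anything it cannot parse.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Returns 1 if the textual peer address is a loopback address (the request
 * originated on this machine), 0 for any other address or unparsable input. */
int peer_is_local(const char *addr)
{
    struct in_addr v4;
    struct in6_addr v6;

    if (inet_pton(AF_INET, addr, &v4) == 1) {
        /* 127.0.0.0/8: first octet in network byte order is 127 */
        return ((const unsigned char *)&v4)[0] == 127;
    }
    if (inet_pton(AF_INET6, addr, &v6) == 1) {
        if (IN6_IS_ADDR_LOOPBACK(&v6))
            return 1;
        if (IN6_IS_ADDR_V4MAPPED(&v6))
            return v6.s6_addr[12] == 127;   /* ::ffff:127.x.x.x */
        return 0;
    }
    return 0;   /* unparsable: fail closed */
}

/* Decision the server's accept loop makes with the mitigation in place:
 * 1 = handle the request, 0 = drop the connection and record the attempt. */
int should_accept(const char *peer_addr)
{
    int ok = peer_is_local(peer_addr);
    if (!ok)
        fprintf(stderr, "rejected request from non-local peer %s\n", peer_addr);
    return ok;
}

int main(void)
{
    /* constructed sample of peers as an accept loop would see them */
    const char *peers[] = { "127.0.0.1", "::1", "::ffff:127.0.0.1",
                            "10.0.0.5", "::ffff:192.168.1.7", "bogus" };
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        printf("%-20s -> %s\n", peers[i],
               should_accept(peers[i]) ? "accept" : "drop");
    return 0;
}
```

Binding the listening socket to the loopback interface in the first place is the stronger control, since remote packets then never reach the service; the per-connection check above is the fallback for a service that must listen on all interfaces but serve only local clients.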
