Schneider Fixes ClearSCADA Vulnerability

Tuesday, January 14, 2014 @ 03:01 PM gHale

Schneider Electric created a new version of its SCADA Expert ClearSCADA software that mitigates an uncontrolled resource consumption vulnerability, according to a report on ICS-CERT.

Adam Crain of Automatak, who discovered the problem along with independent researcher Chris Sistrunk, tested the new version to validate it resolves the remotely exploitable vulnerability.

Ecava Fixes Project Directory Hole
Advantech Fixes Hole with Upgrade
Sierra Wireless Discontinues Gateway
NovaTech DNP3 Vulnerability

The following Schneider Electric versions suffer from the issue:
• ClearSCADA 2010 R2 (Build 71.4165)
• ClearSCADA 2010 R2.1 (Build 71.4325)
• ClearSCADA 2010 R3 (Build 72.4560)
• ClearSCADA 2010 R3.1 (Build 72.4644)
• SCADA Expert ClearSCADA 2013 R1 (Build 73.4729)
• SCADA Expert ClearSCADA 2013 R1.1 (Build 73.4832)
• SCADA Expert ClearSCADA 2013 R1.1a (Build 73.4903)
• SCADA Expert ClearSCADA 2013 R1.2 (Build 73.4955)

Successful exploitation of this vulnerability may cause a denial of service (DoS) of the DNP3 process. Specially crafted, unsolicited frames may cause excessive event logging. This condition may slow driver operation and may lead to a DoS.

Schneider Electric is a France-based company that maintains offices in 190 countries worldwide.

ClearSCADA sees use across several sectors including energy and water and wastewater systems, according to Schneider Electric.

Specially crafted IP frames may cause DNP3Driver.exe to hang. If the DNP3 driver ends up flooded with frames containing multiple errors, an excessive number of event journal messages could end up logged, resulting in a starvation of resources, leading to a DoS attack. This condition cannot cause data corruption, crash the driver, or allow execution of arbitrary code but will affect operational response.

CVE-2013-6142 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

No known public exploits specifically target this vulnerability. An attacker with a medium skill would be able to exploit this vulnerability.

Schneider Electric has fixed this issue in the latest released software version of SCADA Expert ClearSCADA 2013 R2.

ClearSCADA users should contact the local Schneider Electric office to obtain the latest software version for ClearSCADA; alternatively this new version is available for direct download from the Schneider Electric Web site. To upgrade, customers must complete and submit an online form.

Click here for general instructions on how to upgrade the ClearSCADA license.

Detailed instructions on how to upgrade a ClearSCADA installation are available.

Schneider Electric advises all ClearSCADA users to take steps to secure the interfaces to the ClearSCADA system. The following guidelines are a starting point only in establishing an appropriate level of system security:
• Monitor DNP3 traffic and system Event Journal to detect excessive amounts of traffic/logging that may be representative of a fuzzing attack.
• Upgrade the ClearSCADA server to SCADA Expert ClearSCADA 2013 R2 or newer, or Service Packs released later than November 2013.

Schneider Electric has also published security notification SEVD-2013-339-01.

The researchers suggest blocking DNP3 traffic from traversing onto business or corporate networks through the use of an intrusion prevention system or firewall with DNP3-specific rule sets to add an additional layer of protection.

Leave a Reply

You must be logged in to post a comment.