Software Toolbox Mitigates Vulnerability

Wednesday, February 25, 2015 @ 02:02 PM gHale

Software Toolbox created a new version that mitigates a resource exhaustion vulnerability in the Top Server application, according to a report on ICS-CERT.

Software Toolbox Top Server Versions 5.16 and earlier suffer from the remotely exploitable vulnerability, discovered by Adam Crain of Automatak and Chris Sistrunk of Mandiant.

Siemens Fixes STEP 7 TIA Portal Holes
Yokogawa HART Device DTM Hole
Siemens Fixes WinCC Vulnerabilities
Siemens Offers STEP 7 Service Pack

An attacker who exploits this response processing vulnerability may be able to crash the OPC Server application software running on the target.

Software Toolbox is a Matthews, NC- based company. The TOP Server application is an industrial third-party connectivity communication software for OPC and embedded device communication users, system integrators, and OEM automated processes worldwide.

The affected product, Top Server, is a Microsoft Windows-based software that facilitates connectivity to multiple DNP3 compliant devices such as HMI, RTU, PLC, sensors and meters.

Top Server sees action worldwide across several sectors including chemical, commercial facilities, critical manufacturing, energy, food and agriculture, information technology, and water and wastewater systems.

A vague interpretation of the DNP3 protocol may allow a specially crafted response to create large numbers of entries in the master in some implementations. This is not a universal problem for all DNP3 users, vendors, or integrators, but it may occur.

CVE-2014-5425 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

No known public exploits specifically target this vulnerability. However, an attacker with a moderate skill would be able to exploit this vulnerability.

Remote devices should not return a variation of 0 to a master, and a master that encounters a zero length message from a remote should stop processing that message.

DNP3 Application Note AN2013-004b Validation of Incoming DNP3 Data, published August 13, 2014, addresses this issue. Click here to download this bulletin.

Software Toolbox has produced a new version of Top Server software, V5.17.495.0, which resolves the vulnerability. Information about the new version is available at the Software Toolbox support site.

Telephone support is available to trial and registered users 8 a.m. to 5 p.m. U.S. Eastern Time (GMT 5), Monday through Friday. The numbers are: U.S. Toll Free – 888-665-3678; global 704-849-2773.

Leave a Reply

You must be logged in to post a comment.