Top Server OPC Vulnerability

Friday, August 23, 2013 @ 02:08 PM gHale


Software Toolbox created a new version that mitigates the improper input validation vulnerability in its TOP Server DNP Master OPC product, according to a report on ICS-CERT.

Adam Crain of Automatak and independent researcher Chris Sistrunk, the researchers who discovered the vulnerability, tested the new version to validate that it resolves the remotely exploitable vulnerability.


The following Software Toolbox product suffers from the issue: DNP Master Driver for the TOP Server OPC Server, Version 5.11.250.0 and earlier.

An attacker can put the master station into an infinite loop by sending it a specially crafted Transmission Control Protocol (TCP) packet or through serial communications. A successful attack causes a denial-of-service (DoS) condition, and a user would have to manually restart the master station to recover from the loop.

Software Toolbox is a U.S.-based company that maintains offices primarily in North Carolina. The Software Toolbox TOP Server sees use in industry and third-party connectivity communication software for automation in OPC and embedded device communications.

The affected product is Microsoft Windows-based software that facilitates connectivity to multiple DNP3-compliant devices such as human-machine interfaces, remote terminal units, programmable logic controllers, and meters. The TOP Server OPC I&C deploys across several sectors including building automation, power distribution, oil and gas, and water and waste water, according to Software Toolbox.

The Software Toolbox TOP Server DNP Master Driver does not validate input on Port 20000/TCP. This can allow an infinite loop to occur outside the protocol stack, requiring a manual restart to restore communication and control.

CVE-2013-2804 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

No known public exploits specifically target this vulnerability; however, an attacker with moderate skill would be able to exploit it.

Software Toolbox produced a new version of the software, Version 5.12.140.0, which resolves the vulnerability. This version was released June 18, 2013.

Information and support about various versions are available at the Software Toolbox Top Server OPC I/O Server support site (registration required).

The most current version of TOP Server available is Version 5.12.142.0 R2 (issued August 5, 2013).

The researchers suggest the following mitigation: Block DNP3 traffic from traversing onto business or corporate networks through the use of an IPS or firewall with DNP3-specific rule sets.
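
To make that mitigation concrete, the following added example (not from ICS-CERT, Software Toolbox or the researchers) audits flow records for DNP3 traffic that leaves the control network or that fails a basic DNP3 link-layer header check. The subnet, function names and sample flows are assumptions constructed for illustration; the malformed sample is a generic invalid header, not the packet behind CVE-2013-2804, which the report does not describe.

```python
import ipaddress
import struct

CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")  # assumed control-network subnet
DNP3_PORT = 20000                                   # DNP3 TCP port named in the article

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected 0xA6BC), final complement."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_header(dest: int, src: int, ctrl: int = 0xC0, length: int = 5) -> bytes:
    """Build a 10-byte DNP3 link-layer header (helper for the constructed samples)."""
    head = struct.pack("<2sBBHH", b"\x05\x64", length, ctrl, dest, src)
    return head + struct.pack("<H", crc16_dnp(head))

def header_ok(payload: bytes) -> bool:
    """Basic sanity check: start bytes, minimum length field, header CRC."""
    if len(payload) < 10 or payload[:2] != b"\x05\x64":
        return False
    if payload[2] < 5:  # LEN counts control + destination + source, so never below 5
        return False
    (crc,) = struct.unpack_from("<H", payload, 8)
    return crc == crc16_dnp(payload[:8])

def audit(flows):
    """Return (src, dst, reason) for flows a DNP3-aware boundary rule should stop."""
    findings = []
    for src, dst, dport, payload in flows:
        if dport != DNP3_PORT and payload[:2] != b"\x05\x64":
            continue  # not DNP3 by port or by start bytes
        if not all(ipaddress.ip_address(a) in CONTROL_NET for a in (src, dst)):
            findings.append((src, dst, "dnp3-crosses-boundary"))
        elif not header_ok(payload):
            findings.append((src, dst, "malformed-link-header"))
    return findings

# Constructed sample flows: (source, destination, destination port, first payload bytes)
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.10.0.20", 20000, build_header(1, 1024)),
    ("192.168.1.50", "10.10.0.20", 20000, build_header(1, 1024)),
    ("10.10.0.5", "10.10.0.20", 20000, b"\x05\x64\x00" + bytes(7)),
    ("10.10.0.5", "192.168.1.9", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Because the report places the loop outside the protocol stack, a header check like this is a baseline filter and does not replace upgrading to the fixed version.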


