Triangle MicroWorks Fixes DoS Hole

Friday, May 30, 2014 @ 07:05 PM gHale


Triangle MicroWorks created an update that mitigates an uncontrolled resource consumption vulnerability in its products and third-party components, according to a report on ICS-CERT.

SCADA Data Gateway versions prior to v3.00.0635 suffer from the remotely exploitable vulnerability, discovered by Adam Crain of Automatak and Chris Sistrunk of Mandiant.


An attacker can force the outstation and master into a denial of service (DoS) by sending a specially crafted DNP3 packet from the master or outstation on an IP-based network. If the device is connected via a serial connection, the same attack can occur with physical access to the master or outstation. The DoS will resolve itself after a period of time.

Triangle MicroWorks is a U.S.-based company with headquarters in North Carolina.

According to Triangle MicroWorks, the product is deployed across several sectors including energy, government facilities, transportation systems, and water and wastewater systems. Triangle MicroWorks estimates these products see use primarily in the United States and Europe/Asia, with a small percentage in South America and Australia/New Zealand.

The Triangle MicroWorks software incorrectly validates input and allows a DNP request that results in processing an unreasonably large amount of data. An attacker could cause the software to go into a DoS with a specifically crafted DNP3 packet. The system will restore after a period of time as the DoS will resolve itself.

The following scoring is for IP-connected devices. CVE-2014-2342 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

The Triangle MicroWorks software incorrectly validates input and allows a DNP request that results in processing an unreasonably large amount of data. An attacker could cause the software to go into a DoS with serial access to the device. The system will restore after a period of time as the DoS will resolve itself.

The following scoring is for serial-connected devices. CVE-2014-2343 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 1.2.

The IP-based vulnerability is remotely exploitable. However, the serial-based vulnerability is not remotely exploitable; local access to the serial-based outstation is required.

No known public exploits specifically target this vulnerability. An attacker with moderate skill could craft an IP packet that would be able to exploit this vulnerability for an IP-based device.

An attacker with high skill could exploit the serial-based vulnerability, since it requires physical access to the device or some amount of social engineering.

Triangle MicroWorks has produced an update and release notes describing the mitigation. Contact Triangle MicroWorks Support for details on specific platform updates.


Triangle MicroWorks recommends following the International Electrotechnical Commission (IEC) Technical Specification TS 62351 to reduce the risk from this vulnerability.


