TURCK Fixes Gateway Bugs

Monday, May 20, 2013 @ 04:05 PM gHale


TURCK produced an updated firmware version for the vulnerabilities in the BL20 and BL67 Programmable Gateways, according to a report on ICS-CERT.

Exploitation of this vulnerability, discovered by Researcher Rubén Santamarta of IOActive, would allow an attacker to have remote administrative access to the device. This vulnerability affects programmable gateways deployed in the agriculture and food, automotive, and critical manufacturing sectors.

RELATED STORIES
Wonderware Mitigates Server Holes
RuggedCom Updates ROS Fix
MatrikonOPC Patches Vulnerabilities
Bugs in Galil Compact PLC

The firmware update mitigates the remotely exploitable vulnerability by removing the hard-coded accounts accessible by the FTP service.

The following TURCK products suffer from the issue:
• BL20 Programmable Gateway, all versions, and
• BL67 Programmable Gateway, all versions.

This vulnerability allows an attacker to remotely access the device by using hard-coded credentials. After gaining administrative access, the attacker can create false communication between remote I/Os, PLCs, or DCS systems. Those false communications could cause adverse actions within the control system, possibly including process shutdown.

TURCK is a German-based company that maintains offices in 25 countries around the world, including parts of Europe, South America, Asia, the UK, and U.S.

The affected products, BL20 and BL67 Programmable Gateways, provide communication between the communications bus and I/O modules. According to TURCK, the BL20 and BL67 work across several sectors including agriculture and food, automotive, and critical manufacturing. TURCK said the primary regions were the products see use is in the United States and Europe with a small percentage in Asia.

The BL20 and BL67 Programmable Gateways contain hard-coded credentials. An attacker can logon to the device through Port 21/TCP through the FTP service to obtain administrative access. This could allow the attacker to impact availability, integrity, and confidentiality.

CVE-2012-4697 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

While no known public exploits specifically target this vulnerability, an attacker with a low skill would be able to exploit this vulnerability.

The firmware updates can be downloaded from the TURCK BL20 and BL67 download sites:



Leave a Reply

You must be logged in to post a comment.