Advantech Vulnerability Released

Monday, January 7, 2013 @ 05:01 PM gHale

There is a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech Studio Web server, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product, according to a report on ICS-CERT.

The report, released by Nin3 without coordination with the vendor or ICS-CERT, talks about a directory traversal vulnerability that could occur when a specially crafted request is passed to the Web server.

Control System Malware Alert
Downtime: Utility Suffers Virus
Antivirus Not Catching New Viruses
Symantec Antivirus Bug

Successful exploitation of this remotely exploitable vulnerability could result in data leakage.

Advantech is aware of the report and said it phased out the Advantech Studio product. As this is now a rebranded Indusoft Web Studio product, full support and upgrades are available through Indusoft Web Studio.

ICS-CERT issued this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other attacks.

ICS-CERT recommended users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
• Disable the Web server until a fix is available.
• Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
• Locate control system networks and devices behind firewalls, and isolate them from the business network.
• If the company requires remote access, employ secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.

Leave a Reply

You must be logged in to post a comment.