Arbiter Systems Patches Vulnerability

Thursday, September 6, 2012 @ 06:09 PM gHale

Arbiter Systems created a patch for the denial of service (DoS) vulnerability in the Power Sentinel Phasor Measurement Unit.

OSIsoft tested the patch to validate it resolves the vulnerability.

The following Arbiter Systems Power Sentinel products suffer from the issue: Model 1133A Power Sentinel, firmware versions 09Jun2012 and earlier.

Successful exploitation of this vulnerability, which is remotely exploitable, could lead to a DoS.

Arbiter Systems manufactures time clocks, power measurement, and power calibration products for use in electricity generation and transmission. These products see use primarily in the United States; however, some are in South America and Europe as well.

The Ethernet port on this device stops responding to queries when its buffer is full. Certain types of queries to the Ethernet port, such as port scanning, cause the device to stop responding. CVE-2012-3012 is the number assigned to these vulnerabilities, which have a CVSS v2 base score of 7.8.

Arbiter Systems recommends that users update firmware to 11June2012 Rev 421 or later. This version is available on the product page for Model 1133A at the company Web site.

Users will need to download the firmware as well as the uploader software to send the firmware to the device.
