AzeoTech DAQFactory in Patch Mode

Wednesday, July 6, 2011 @ 03:07 PM gHale

There are vulnerabilities in AzeoTech DAQFactory that could force a system reboot or shutdown, according to an ICS-CERT advisory.

ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) first received a report from the nSense Vulnerability Coordination Team. The initial report came out May 24, but there was a delay in the release to allow users sufficient time to download and install the upgrade.


ICS-CERT worked with nSense and AzeoTech to validate the vulnerabilities and create a mitigation strategy.

AzeoTech has created a new version (Version 5.85, Build 1842) to resolve these vulnerabilities. Users who do not require the networking capability can easily adjust the system settings in their existing versions to disable the vulnerable feature.

The default settings for future releases (Versions 5.85 and newer) will change to mitigate the vulnerability. ICS-CERT confirmed that Version 5.85 and disabling the vulnerable feature in older versions both successfully mitigate this vulnerability.

AzeoTech said the DAQFactory networking vulnerability only affects users of DAQFactory Standard, Pro, Developer, or Runtime. DAQFactory Express, Starter, Lite, and Base do not support networking and are not vulnerable to these attacks.

When the affected networking features of DAQFactory are working and the system is in an insecure position, an attacker can cause the system to stop functioning or reboot.

AzeoTech provides supervisory control and data acquisition (SCADA) and human-machine interface (HMI) software to users in multiple industries, including water, power, and manufacturing. AzeoTech customers are primarily in the United States and Europe, but are also in other parts of the world.

The DAQFactory networking feature allows multiple machines running DAQFactory to interact with each other. This interaction includes sending a signal from one device to initiate a reboot or shutdown of another device. A successful attacker could trigger a DAQFactory system reboot or shutdown.

This vulnerability is remotely exploitable, but there have been no cases to date.

AzeoTech recommends users take one of the following steps:
1. Upgrade to Version 5.85 (Build 1842), which addresses this vulnerability by adding authentication, and changes default settings to disable both the networking feature and the remote reboot and shutdown feature.
2. For versions older than Version 5.85, disable the DAQFactory networking feature if the system configuration does not require network support. Users can check the “Disable Broadcast” option in the “File – Document Settings” menu.
3. AzeoTech recommends that users deploy DAQFactory only on an isolated network if they cannot perform one of the above mitigation steps.

ICS-CERT verified upgrading to Version 5.85 (Build 1842) successfully mitigates the reported vulnerabilities.
