Eaton Working to Fix ELCSoft Holes

Friday, August 4, 2017 @ 05:08 PM gHale

There is a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers, according to a report with ICS-CERT.

An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the process, according to the public report, coordinated with ICS-CERT prior to its public release by researcher Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative.

ICS-CERT has notified the affected vendor, who has reported they are planning to address the vulnerabilities, but they did not provide a timeline.

ICS-CERT issued a public report to provide notice and to identify baseline mitigations for reducing the risk from these and other cybersecurity attacks.

The remotely exploitable vulnerabilities are a stack-based buffer overflow and a heap-based buffer overflow which could lead to remote code execution.

The affected product, ELCSoft programming software, is used to configure Eaton ELC programmable logic controllers. According to Eaton, this product sees use primarily in the energy sector and on a global basis.

These vulnerabilities could allow remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft.

ICS-CERT is currently coordinating with the vendor and security researcher to identify more prescriptive mitigations.

In the meantime, ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities by:
• Minimizing network exposure for all control system devices and/or systems, and ensuring they are not accessible from the Internet.
• Locating control system networks and devices behind firewalls, and isolating them from the business network.
• Isolating vulnerable systems from the Internet and untrusted systems; however, if connectivity is required, use a VPN solution and implement network monitoring, recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
