Elipse E3 Process Control Hole Fixed

Wednesday, March 11, 2015 @ 12:03 PM gHale

Elipse released a new version of the E3 application that mitigates a process control vulnerability, which was the result of a third party DLL developed by Telerik, according to a report on ICS-CERT.

Ivan Sanchez from Nullcode Team, who discovered the vulnerability, tested Elipse’s new version to validate it resolves the vulnerability.

GE TCP Sequence Vulnerability
Siemens Mitigates DoS Vulnerability
Siemens Fixes SPC Controller DoS
Siemens Updates Search Path Hole

The following Elipse E3 versions suffer from the issue:
• Elipse E3, Versions 4.5.232-4.6.161
• EQATEC.Analytics.Monitor.Win32_vc100.dll (32-bit)
• EQATEC.Analytics.Monitor.Win32_vc100-x64.dll (64-bit)

Successful exploitation of this vulnerability would require the victim to install and execute malicious code that could result in arbitrary code execution.

Elipse is a Brazil-based company that has business partners in several countries around the world, including the U.S., Germany, India, Russia, Sweden, Argentina, and Chile.

The affected product, Elipse E3, is a supervisory control and data acquisition (SCADA) system for use in critical systems. According to Elipse, Elipse E3 works across several sectors including critical manufacturing. Elipse said the product sees use worldwide.

The affected DLL links with OpenSSL to support HTTPS communications. The OpenSSL library ended up unintentionally built with hardware-support, resulting in unintended cryptographic-related DLLs called at runtime. The unintentional DLL calls may enable an attacker to execute arbitrary code at runtime after convincing a victim to install a malicious DLL called by the application.

CVE-2015-0978 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.2.

This vulnerability is not exploitable remotely and cannot end up exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malformed file.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be difficult. Social engineering is a requirement to convince the user to accept and load the malformed file. This decreases the likelihood of a successful exploit.

Elipse released a new version of its Elipse E3 software, Version 4.6.162, which incorporates the new version of Telerik’s DLLs, Version 3.2.129. Click here for Elipse’s new version.

Telerik’s vulnerable DLLs ended up discovered in Version 3.2.96 and after learning of the issue, the company notified their affected customers. Click here for additional information about Telerik’s new software version.

Leave a Reply

You must be logged in to post a comment.