Kepware Mitigates Vulnerability

Thursday, August 15, 2013 @ 08:08 PM gHale

Kepware Technologies produced a new version that mitigates the improper input validation vulnerability in its DNP Master Driver for the KEPServerEX Communications Platform, according to a report on ICS-CERT.

Researchers Adam Crain of Automatak and independent researcher Chris Sistrunk, who found the remotely exploitable vulnerability, tested the new version to validate that it resolves the vulnerability.

Advantech Patches XSS Bug
OSIsoft Mitigates Vulnerabilities
Tridium Niagara Security Update
SEL Fixes Improper Input Validation

Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform (Version v5.11.250.0) suffers from the issue.

The master station can end up going into an infinite loop by sending a specially crafted TCP packet or through serial communications. A successful attack exploiting this vulnerability could allow an attacker to put the master station into an infinite loop, causing a denial-of-service condition. The master station must manually restart to recover from the loop condition.

“Kepware is committed to ensuring that our communication solutions meet the security requirements of our customers’ applications,” said Tony Paine, president and chief of Kepware Technologies. “If a vulnerability within our products is discovered, we will take the necessary steps to patch and notify our customers. ICS-CERT’s efforts around protecting critical infrastructure is extremely important, and as a vendor we recognize the importance of rectifying issues as quickly as possible.”

Kepware Technologies is a Portland, ME-based company. The KEPServerEX Communications Platform sees use for industry and third-party connectivity communication software for automation in OPC and embedded device communications.

The affected product is a Microsoft Windows-based software that facilitates connectivity to multiple DNP3 compliant devices such as human-machine interfaces, remote terminal units, programmable logic controllers, and meters. According to Kepware Technologies, the KEPServerEX deploys across several sectors including building automation, power distribution, oil and gas, and water and waste water.

The Kepware Technologies’ DNP Master Driver does not validate input on Port 20000/TCP. This can allow an infinite loop to occur outside the protocol stack, requiring a manual restart to restore communication and control. In addition, an attacker could craft and inject data input in a form not expected by the rest of the application. This can lead to parts of the system receiving unintended input, which may result in altered control flow or arbitrary control of a resource.

CVE-2013-2789 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

No known public exploits specifically target this vulnerability and an attacker with a moderate skill would be able to exploit this vulnerability.

Kepware Technologies has produced a new version of the software, V5.12.140.0, which resolves the vulnerability. Information about the new version is available at the Kepware support site.

The researchers suggest the following mitigations: Block DNP3 traffic from traversing onto business or corporate networks through the use of an IPS or firewall with DPN3-specific rule sets.

Leave a Reply

You must be logged in to post a comment.