PoC Holes from SCADA Providers

Tuesday, October 4, 2011 @ 07:10 PM gHale

Two more SCADA software providers have vulnerabilities for which proof-of-concept (PoC) exploit code exists, according to ICS-CERT.

There are buffer overflow vulnerabilities, with proof-of-concept (PoC) exploit code, affecting InduSoft’s ISSymbol ActiveX control.

In addition, there is a public report of four vulnerabilities, with PoC exploit code, affecting the PcVue HMI/SCADA Version 10.0 product.


In the InduSoft case, Dmitriy Pletnev of Secunia Research found the vulnerability and coordinated with InduSoft, which produced a patch that mitigates the issues. ICS-CERT has not validated the patch.

The vulnerabilities affect InduSoft Web Studio Versions 7.0B2 (Build: 0301.1009.2904.0000) and 7.0 (Build: 0301.1102.0303.0000).

An attacker who successfully exploits any of these vulnerabilities may be able to execute arbitrary code on the target system.

InduSoft Web Studio is used to develop human-machine interfaces, SCADA systems, and embedded instrumentation systems. InduSoft is often integrated as a third-party application in control systems.

Boundary errors in the processing of the “Open,” “Close,” and “SetCurrentLanguage” methods of this ActiveX control can be exploited to cause heap- and stack-based buffer overflows via overly long strings assigned to the properties.
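As an added illustration (not code from InduSoft, Secunia or the advisory), the following C sketch shows the bug class described above in a hypothetical property setter: an unchecked copy of a caller-supplied string into a fixed-size buffer, beside a version that validates the length before writing. The control structure, the buffer size and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed fixed-size property buffer, as in many COM/ActiveX setters. */
#define LANG_MAX 16

/* Hypothetical control state holding the current language property. */
typedef struct {
    char language[LANG_MAX];
} symbol_control;

/* Vulnerable pattern: the caller-supplied string is copied without any
 * check against the destination size, so an overly long value overruns
 * the buffer (stack- or heap-based, depending on where the struct lives). */
int set_current_language_unsafe(symbol_control *ctl, const char *lang)
{
    strcpy(ctl->language, lang);   /* no bounds check */
    return 0;
}

/* Returns true when a value is too long to fit the property buffer
 * together with its terminating NUL, i.e. when the unsafe setter would
 * overflow. Used here to show the exact boundary condition. */
bool would_overflow(const char *lang)
{
    return lang == NULL || strnlen(lang, LANG_MAX) >= LANG_MAX;
}

/* Hardened form: reject any value that does not fit before writing
 * anything, leaving the existing property untouched on failure. */
int set_current_language_safe(symbol_control *ctl, const char *lang)
{
    if (would_overflow(lang))
        return -1;                          /* rejected, buffer unchanged */
    memcpy(ctl->language, lang, strlen(lang) + 1);
    return 0;
}

int main(void)
{
    symbol_control ctl = { "en-US" };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */
    printf("safe setter on short value: %d\n", set_current_language_safe(&ctl, "de-DE"));
    printf("safe setter on long value:  %d (language still %s)\n",
           set_current_language_safe(&ctl, too_long), ctl.language);
    return 0;
}
```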

CVE-2011-0342 has been assigned to these vulnerabilities, which have a CVSS base score of 10.

These vulnerabilities are remotely exploitable, and public exploits target them. An attacker with a low skill level could cause a denial of service; executing arbitrary code would require more skill.

InduSoft recommends users of InduSoft Web Studio software upgrade to the latest version and install the latest service pack. The latest service pack is available for download at InduSoft’s Security Updates and Hotfixes webpage.

Meanwhile, for PcVue, there is a public report of four vulnerabilities, with PoC exploit code, affecting its HMI/SCADA Version 10.0 product.

According to the report, these vulnerabilities are remotely exploitable through an ActiveX component on the targeted machine.

ICS-CERT has not yet verified the vulnerabilities or PoC code but reached out to the vendor to notify, confirm, and identify mitigations.

ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing these and other cyber security risks.

The report included vulnerability details and PoC exploit code for the following vulnerabilities:
• Control of a function pointer, remotely exploitable, with potential denial of service and possible remote code execution
• Arbitrary memory write, remotely exploitable, with the potential to write to memory
• Directory traversal, remotely exploitable, with possible file corruption
• Array overflow, remotely exploitable, with potential denial of service and potential remote code execution

ICS-CERT is currently coordinating with the vendor to identify useful mitigations.
