SCADA Vulnerability Surfaces

Thursday, October 11, 2012 @ 06:10 PM gHale

There are multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting the Sinapsi eSolar Light Photovoltaic System Monitor, a supervisory control and data acquisition (SCADA) monitoring product.

The Italy-based provider's product also sells under the names Enerpoint eSolar Light, Schneider Electric Ezylog Photovoltaic Management Server, Gavazzi Eos-Box, and Astrid Green Power Guardian, according to a report from ICS-CERT.


Researchers Roberto Paleari and Ivan Speziale said the vulnerabilities are remotely exploitable by authenticating to the service with hard-coded credentials. Exploiting them would allow an attacker to connect to the server remotely and execute code, possibly affecting the availability and integrity of the device.

The researchers released the vulnerability details without coordinating with either the vendor or ICS-CERT.

The vendor is aware of the report, and ICS-CERT has asked it to confirm the vulnerabilities and identify mitigations.

The product is used in the Energy sector. ICS-CERT issued this alert to give early notice of the report and to identify baseline mitigations for reducing the risk from these and other attacks.

The report included vulnerability details and PoC exploit code for the following issues: hard-coded credentials, SQL injection, command execution, and broken session enforcement, which could lead to unauthorized authentication, information leakage, and remote code execution.
