TRi Fixes Vulnerability

Tuesday, November 26, 2013 @ 10:11 AM gHale

TRi Inc. created a firmware upgrade that mitigates an improper input validation vulnerability in its Nano 10 programmable logic controller (PLC), according to a report on ICS-CERT.

Researcher Wei Gao of IXIA originally reported the issue to ICS-CERT in September. Gao has since tested the firmware upgrade and validated that it resolves the remotely exploitable vulnerability.


The vulnerability affects all firmware versions prior to r82.

An attacker could send a specially crafted packet to the PLC and cause a denial-of-service (DoS) condition. Successful exploitation leaves the device unreachable from the network, and it must be power-cycled to recover from the DoS condition.

TRi Inc. has headquarters in British Columbia, Canada, and maintains an office in Delaware.

The affected product, Nano-10 PLC, is a controller typically used with automated manufacturing equipment such as packaging machines, dispensing machines, and pump controls. The Nano-10 deploys across several sectors including Food and Agriculture, Commercial Facilities, Transportation Systems, Water and Wastewater Systems, and Energy, according to TRi Inc. The product has primary usage in the United States, Canada, Australia, Singapore, and South Korea.

The Nano-10 PLC does not properly validate input in incoming Modbus/TCP packets. By sending a specially crafted packet to Port 502/TCP on the PLC, an attacker can trigger a DoS condition that leaves the device inaccessible from the network; the PLC must then be manually power-cycled to restore normal operation.
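The advisory does not say which field of the Modbus/TCP frame the Nano-10 mishandles, so the following is an added illustration, not TRi Inc.'s firmware or the code fixed in r82. It shows the input validation a Modbus/TCP listener should apply to a frame from 502/TCP before trusting its length or function-code fields: the MBAP header length is checked against the bytes actually received and against the protocol maximum, the function code is checked against an allowlist, and the per-function payload is range-checked. The sample frames, the supported-function set and the frame labels are all constructed for the example.

```python
"""Defensive parser for Modbus/TCP application data units (ADUs).

Added example, not TRi Inc.'s code: demonstrates validating every field of a
frame received on 502/TCP before it is used as a length, index or dispatch key.
All sample frames below are constructed for the demonstration.
"""
import struct
from dataclasses import dataclass

MBAP_LEN = 7           # transaction id(2) + protocol id(2) + length(2) + unit id(1)
MAX_PDU = 253          # Modbus PDU limit, so a TCP ADU is at most 260 bytes
MAX_ADU = MBAP_LEN + MAX_PDU

# Function codes this example server is willing to serve (an assumption for the
# example). Anything else is rejected up front instead of being dispatched.
SUPPORTED_FUNCTIONS = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0F, 0x10}


class MalformedFrame(ValueError):
    """Raised for frames that must be dropped rather than processed."""


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_adu(buf: bytes) -> ModbusRequest:
    """Validate and parse one complete Modbus/TCP ADU held in buf.

    A real server reads the 6-byte MBAP prefix first and then exactly
    `length` more bytes; here the whole ADU is assumed to be in buf already.
    """
    if len(buf) < MBAP_LEN + 1:                      # need at least a function code
        raise MalformedFrame(f"frame too short ({len(buf)} bytes)")
    if len(buf) > MAX_ADU:
        raise MalformedFrame(f"frame too long ({len(buf)} bytes)")
    tid, proto, length, unit = struct.unpack(">HHHB", buf[:MBAP_LEN])
    if proto != 0:                                   # protocol id 0 means Modbus
        raise MalformedFrame(f"protocol id {proto} is not Modbus")
    # length counts the unit id plus the PDU. Trusting it to size a buffer or
    # bound a loop without these two checks is the classic failure mode.
    if length < 2 or length > MAX_PDU + 1:
        raise MalformedFrame(f"length field {length} out of range")
    if length != len(buf) - 6:
        raise MalformedFrame(f"length field {length} disagrees with {len(buf) - 6} bytes on the wire")
    function = buf[MBAP_LEN]
    if function not in SUPPORTED_FUNCTIONS:
        raise MalformedFrame(f"unsupported function 0x{function:02x}")
    return ModbusRequest(tid, unit, function, buf[MBAP_LEN + 1:])


def validate_pdu(req: ModbusRequest) -> None:
    """Per-function payload checks. Only FC 0x03 (read holding registers) is
    shown; a real server has one such branch per supported function."""
    if req.function == 0x03:
        if len(req.data) != 4:
            raise MalformedFrame("FC03 needs exactly start(2) + quantity(2)")
        start, quantity = struct.unpack(">HH", req.data)
        if not 1 <= quantity <= 125:                 # spec limit for FC03
            raise MalformedFrame(f"FC03 quantity {quantity} out of 1..125")
        if start + quantity > 0x10000:
            raise MalformedFrame("FC03 range wraps past the 16-bit address space")


def triage(frames):
    """Return (label, verdict) per frame: 'accept' or 'drop: <reason>'."""
    verdicts = []
    for label, frame in frames:
        try:
            req = parse_adu(frame)
            validate_pdu(req)
            verdicts.append((label, "accept"))
        except MalformedFrame as err:
            verdicts.append((label, f"drop: {err}"))
    return verdicts


# Constructed sample frames (hex, whitespace ignored by bytes.fromhex).
SAMPLE_FRAMES = [
    ("valid read",     bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    ("length lies",    bytes.fromhex("0002 0000 ffff 01 03 0000 000a")),
    ("truncated",      bytes.fromhex("0003 0000 0006 01 03 00")),
    ("wrong proto",    bytes.fromhex("0004 0001 0006 01 03 0000 000a")),
    ("huge quantity",  bytes.fromhex("0005 0000 0006 01 03 0000 ffff")),
    ("unsupported fc", bytes.fromhex("0006 0000 0002 01 2b")),
]

if __name__ == "__main__":
    for label, verdict in triage(SAMPLE_FRAMES):
        print(f"{label:15s} {verdict}")
```

The two length checks are the important part: the field is first bounded by the protocol maximum, then compared with what actually arrived, so a frame can neither claim 65535 bytes to drive a buffer size nor claim fewer bytes than it carries to desynchronise the stream. Dropping the frame and closing the connection is the correct reaction; a PLC that instead locks up until power-cycled is exhibiting exactly the DoS the advisory describes.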

CVE-2013-5741 is the number assigned to this vulnerability by MITRE at the request of IXIA. It has a CVSS v2 base score of 7.8.

No known public exploits specifically target this vulnerability, but an attacker with moderate skill would be able to exploit it.

According to TRi Inc., users cannot upgrade the Nano-10 PLC’s operating system firmware in the field. Customers should contact TRi Inc. to return the affected PLCs for an r82 firmware upgrade to resolve this vulnerability. In addition, firewall rules should deny Port 502/TCP traffic from traversing business/corporate networks to the control systems networks.
