Yokogawa Patches XML External Entity

Wednesday, December 10, 2014 @ 01:12 PM gHale

Yokogawa created a service pack that mitigates an XML external entity processing vulnerability in its FAST/TOOLS application, according to a report on ICS-CERT.

FAST/TOOLS Versions R9.01 through R9.05 SP1 suffer from the issue, discovered by Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies Inc.


An attacker who exploits this vulnerability could cause the WebHMI server to send data to an outside machine. An exploit could also increase the load on the WebHMI server and the network.
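The two effects described above, data leaving the server and extra load, are the standard consequences of an XML parser that honours entity declarations in untrusted input. The following Python example is added here and is not code from Yokogawa, from the researchers or from the ICS-CERT report: it puts a naive expat-based handler that fetches SYSTEM entities beside a hardened one that rejects any DOCTYPE. The file name, the "secret" contents and the two payloads are constructed for the demonstration, and the hardening shown is a generic fix, not a description of what the service pack changes.

```python
import os
import pathlib
import tempfile
import urllib.request
import xml.parsers.expat as expat


class DtdRejected(Exception):
    """Raised by the hardened parser as soon as a DOCTYPE is seen."""


def parse_vulnerable(xml_bytes: bytes) -> str:
    """Naive handler: resolves SYSTEM entities by fetching whatever URI the
    document names. Attacker-chosen file or URL content lands in the output
    (data leaves the server), and nested internal entities expand without
    limit (extra CPU and memory load)."""
    parser = expat.ParserCreate()
    out = []

    def on_chars(data):
        out.append(data)

    def on_external_entity(context, base, system_id, public_id):
        # Fetch the attacker-supplied URI (file://, http://, ...) and parse
        # its contents as part of the document; this is what XXE abuses.
        with urllib.request.urlopen(system_id) as resp:
            body = resp.read()
        sub = parser.ExternalEntityParserCreate(context)
        sub.CharacterDataHandler = on_chars
        sub.Parse(body, True)
        return 1  # tell expat the reference was handled

    parser.CharacterDataHandler = on_chars
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(xml_bytes, True)
    return "".join(out)


def parse_hardened(xml_bytes: bytes) -> str:
    """Hardened handler: any DOCTYPE, and therefore any entity declaration,
    internal or external, aborts the parse before an entity can be resolved
    or expanded. Plain documents without a DTD parse normally."""
    parser = expat.ParserCreate()
    out = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE '{name}' is not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    # Belt and braces: even if a DTD slipped through, never fetch anything.
    parser.ExternalEntityRefHandler = lambda *args: 0
    parser.CharacterDataHandler = out.append
    parser.Parse(xml_bytes, True)
    return "".join(out)


def build_laughs(levels: int, width: int) -> bytes:
    """Constructed 'billion laughs' payload: each level references the one
    below it `width` times, so the expanded text grows as width ** levels."""
    ents = ['<!ENTITY lol0 "lol">']
    for i in range(1, levels + 1):
        body = f"&lol{i - 1};" * width
        ents.append(f'<!ENTITY lol{i} "{body}">')
    dtd = "".join(ents)
    return f"<!DOCTYPE lolz [{dtd}]><lolz>&lol{levels};</lolz>".encode()


def run_demo() -> dict:
    """Runs both payloads through both parsers and reports what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        # Constructed stand-in for a credential or config file on the server.
        secret_path = os.path.join(work, "secret.txt")
        with open(secret_path, "w") as f:
            f.write("SECRET-TOKEN-1234")
        secret_uri = pathlib.Path(secret_path).as_uri()

        # Exfiltration payload: an external entity pointing at the local file.
        xxe_doc = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE data [<!ENTITY xxe SYSTEM "{secret_uri}">]>'
            "<data>&xxe;</data>"
        ).encode()
        laughs_doc = build_laughs(levels=3, width=10)  # 10**3 copies of "lol"

        results["exfiltrated"] = parse_vulnerable(xxe_doc)
        results["laughs_len"] = len(parse_vulnerable(laughs_doc))

        rejected = []
        for name, doc in (("xxe", xxe_doc), ("laughs", laughs_doc)):
            try:
                parse_hardened(doc)
            except DtdRejected:
                rejected.append(name)
        results["hardened_rejected"] = rejected
        results["clean_doc"] = parse_hardened(b"<data>hello</data>")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Refusing the DOCTYPE outright is the simplest robust fix: it closes both the external-entity path and the internal entity-expansion path in one place, whereas only disabling external entity fetching (as the Python standard library's SAX parser has done by default since 3.7.1) still leaves expansion-based load attacks to the parser's own limits.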

Yokogawa is a company based in Japan that maintains offices in several countries around the world, including the Americas, Europe, the Middle East, Africa, South Asia, and East Asia.

The affected product, FAST/TOOLS, is a web-based real-time operations management and visualization software suite. It is deployed across several sectors, including the petroleum and natural gas segments of the energy sector.

To exploit the external entity reference vulnerability, an attacker must first gain access to the WebHMI.

CVE-2014-7251 is the identifier assigned to this vulnerability, which has a CVSS v2 base score of 2.4.

No known public exploits specifically target this vulnerability, and crafting a working exploit would be difficult.

To mitigate the vulnerability, install the service pack (R9.05-SP2) for FAST/TOOLS R9.05. The computer must be rebooted for the service pack to take effect.

Older systems running earlier revisions (R9.01 – R9.04) than the target revision (R9.05) should first upgrade to R9.05 and then apply the service pack. Contact Yokogawa support and services if upgrading the system to R9.05 is difficult.

The vulnerability is also fixed in the latest version (R10.01) of FAST/TOOLS.

For questions related to this vulnerability or how to obtain the patch software, contact the Yokogawa service department.

See Yokogawa’s security advisory (YSAR-14-0004E) for more details.
