Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published two new advisories for vulnerabilities in control system programs from 7-Technologies (7T) and Cogent Real-Time Systems. These are not the common, run-of-the-mill HMI vulnerabilities that we have become accustomed to over the last year or so. Security researchers are digging a little deeper into these systems.
The first advisory is for the 7T Interactive Graphical SCADA System. It is an unsafe search path vulnerability; exploiting it would require a social engineering attack, which would allow a relatively low-skilled attacker to gain user privileges on the system via a DLL hijack. The vulnerability was reported by Kuang-Chun Hung of the Security Research and Service Institute – Information and Communication Security Technology Center (ICST).
7T has produced a patch to resolve this vulnerability. It is available on their web site. A CVE number has been assigned to this vulnerability, but it is not yet available.
The same security researcher also discovered two vulnerabilities in the Cogent Data Hub application. Both vulnerabilities (a cross-site scripting vulnerability and an HTTP header injection vulnerability) would require a social engineering attack to exploit effectively. A successful attack would principally affect the user’s web browser, which could open doors for other attacks.