Last Thursday the DHS ICS-CERT published an update of a
technical information paper (TIP) that they issued in May. They also issued an
advisory for a vulnerability in a very common interface used by a wide variety
of control systems. The odd thing about this advisory is that the vulnerability
was not discovered by an independent security researcher; OSIsoft asked
ICS-CERT to examine their product for vulnerabilities.
Tip Sheet
Back in May ICS-CERT published “Targeted Cyber Intrusion
Detection and Mitigation Strategies” after the public
disclosure of a number of phishing attacks on gas pipeline companies. At the
time I wrote that:
“As one would expect, there is
nothing really new here, but it is a nice summary of the multiple levels of
cyber protection that need to be employed to help reduce the effectiveness and
impact of a targeted cyber-attack.”
This new addition to the TIP addresses the issue of credential management and it
provides a wealth of information that ICS-CERT has not addressed previously.
And the topic is important in defending a system that has been breached by a
phishing attack.
The information provided in the new two and a half pages
added to the TIP covers a wide range of topics about the ins and outs of
protecting passwords and their hashes. That isn’t enough to go into a really
usable level of detail, but ICS-CERT did provide a number of footnotes to
additional information that will provide the level of detail necessary for most
administrators.
I’m not sure why this data wasn’t included in the initial
publication; the information is not new. Oh well, better late than never.
OSIsoft OPC Interface
This advisory for the PI OPC DA Interface addresses a buffer
overflow vulnerability that would allow a medium-skilled attacker to write data
to OPC items collected by the PI OPC DA Interface. OSIsoft has made a software
update available that corrects the problem.
As I noted earlier, this vulnerability was actually
discovered by ICS-CERT. Since the discovery was made under contract with
OSIsoft they would have retained the rights to allow the publication of the
discovery. So I’ll add my kudos to those provided by Dale Peterson at
DigitalBond to OSIsoft for their allowing the public disclosure of this vulnerability.
BTW: Dale has a much more detailed look at the importance of
this vulnerability on his SCADA security blog. The whole discussion following
his post is well worth reading.
NOTE: I made an error in my comment on Dale’s post; I got my
days wrong because of a crazy schedule. I downloaded my copy of the OSIsoft
Advisory on Thursday evening.