Today DHS ICS-CERT published two advisories covering multiple vulnerabilities: one for the Cogent Real-Time Systems DataHub and one for Rockwell Automation's FactoryTalk and RSLinx products.
The first advisory describes multiple vulnerabilities reported by Dillon Beresford in the Cogent Real-Time Systems DataHub. The vulnerabilities include:
• Improper input validation, CVE-2013-0681;
• Buffer overflow, CVE-2013-0680;
• Invalid pointer, CVE-2013-0683; and
• Improper exception handling, CVE-2013-0682.
ICS-CERT reports that a relatively low-skilled attacker could remotely cause a denial of service, while a more skilled attacker may be able to execute arbitrary code. Note that the invalid pointer vulnerability affects only the DataSim and DataPid demonstration tools, not the DataHub itself.
Cogent has provided compensating measures (port settings, firewall rules, and disabling the web server) that isolate the vulnerable components from an attacker, and it also recommends upgrading to newer versions of the applications that do not have the reported vulnerabilities. This dual path gives owners the option of choosing the most cost-effective mitigation for their particular operation.
BTW: There is no mention of whether or not Beresford or ICS-CERT has verified that the updated versions of these applications actually eliminate the reported vulnerabilities.
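A compensating control such as the Cogent firewall and port guidance is only as good as its verification, so here is an added example (not code from the advisory, Cogent, or ICS-CERT) of the check an owner would run from outside the protected control-system segment after applying the rules. The port numbers in ASSUMED_BLOCKED_PORTS are placeholders, an assumption for illustration; the advisory text summarized above does not list them, so substitute the ports named in the vendor guidance. The function names and the self-test are this example's own.

```python
"""Verify that a port/firewall isolation mitigation is actually in effect.

Added example, not from the ICS-CERT advisory or from Cogent. It assumes a
list of TCP ports that the vendor's port/firewall guidance says must not be
reachable from outside the control-system segment.
"""
import socket
import sys
from contextlib import closing

# Assumption: placeholder ports, not values taken from the advisory.
# Replace with the ports named in the vendor's mitigation guidance.
ASSUMED_BLOCKED_PORTS = [80, 4502]


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable, filtered
            return False


def check_isolation(host, ports, timeout=1.0):
    """Probe each port and return {port: reachable}.

    Run this from OUTSIDE the segment the firewall is supposed to protect;
    any True result means the mitigation has a gap on that port.
    """
    return {p: tcp_port_open(host, p, timeout) for p in ports}


def exposed_ports(results):
    """List the ports that are reachable and therefore not mitigated."""
    return sorted(p for p, reachable in results.items() if reachable)


def self_test():
    """Offline check of the probe itself: bind a listener on an ephemeral
    loopback port (must be reported reachable), close it, probe again
    (must be reported unreachable). Returns (while_open, after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = check_isolation("127.0.0.1", [port])[port]
    listener.close()
    after_close = check_isolation("127.0.0.1", [port])[port]
    return while_open, after_close


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = check_isolation(target, ASSUMED_BLOCKED_PORTS)
    for port, reachable in results.items():
        status = "REACHABLE - mitigation gap" if reachable else "blocked"
        print(f"{target}:{port} {status}")
    print("probe self-test (open, closed):", self_test())
```

The point of the probe is the vantage point: run from inside the control segment every port will look open, which proves nothing about the firewall. Run from the network an attacker would actually come from, and repeat after any firewall change.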
The second advisory describes multiple vulnerabilities in Rockwell Automation's FactoryTalk Services Platform and RSLinx Enterprise software reported by Carsten Eiram of Risk Based Security. The vulnerabilities include:
• Integer overflow – negative integer, CVE-2012-4713;
• Integer overflow – over-size integer, CVE-2012-4714;
• Improper exception handling, CVE-2012-4695; and
• Buffer overflow, CVE-2012-4715.
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to cause a denial of service and possibly to execute code. The advisory notes that Rockwell has produced (and self-validated) patches for newer versions of the software and recommends upgrading from older versions, which will not be patched.
This is the classic upgrade/patch response to control system vulnerabilities. Unfortunately, it is not always easy, or even possible, to patch or upgrade software in a control system in a timely manner. This is why the Cogent response, which offers compensating measures alongside the upgrade, is a more user-friendly approach to vulnerability mitigation.