Today the DHS ICS-CERT published an advisory for an improper input validation vulnerability in the Nano-10 PLC firmware from Triangle Research International (TRI). The vulnerability was reported by Wei Gao of IXIA in a coordinated disclosure.
ICS-CERT reports that the vulnerability could be remotely exploited by a moderately skilled attacker to create a denial of service condition in the PLC. TRI has produced a firmware upgrade that fixes the problem (and Wei has verified that it does), but the PLC cannot be upgraded in the field; it has to be returned to the manufacturer for the new firmware to be installed. (Now what does that do to system availability?) Oh, well, in the meantime ICS-CERT recommends protecting the control system with a firewall “used to deny Port 502/TCP traffic from traversing business/corporate networks to the control systems networks”. Note what that rule does and does not do: it blocks Modbus/TCP coming across the business/control boundary, and nothing else. An attacker who is already on the control network, or anything else on that network that can reach port 502 on the PLC, is unaffected by it.
Now this is not a DNP3 system, so it is not exactly the same improper input validation vulnerability that Crain and Sistrunk have been reporting, but it sounds very similar: a malformed message that the device fails to check before acting on it, except that here the protocol is Modbus. I’m wondering if this is the sort of thing Adam and Chris are going to go hunting for with their new Modbus tool, which is due to be released next year after their DNP3 fuzzer is released.
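To show the class of bug being talked about here, below is an added example (mine, not code from TRI, ICS-CERT, IXIA, or the Crain/Sistrunk tools) of a Modbus/TCP request parser that checks every length and count field against what was actually received and against the protocol’s limits before acting on it. The advisory does not say what input the Nano-10 mishandles, so this does not reproduce that bug; it shows the checks a parser has to make and the kinds of malformed frames (bad length field, oversized register count, truncated header, wrong protocol id) that a fuzzer would throw at a device that skips them. All frames are constructed, not captured traffic.

```python
"""Strict Modbus/TCP request validation (added example, constructed frames).

A firmware parser that skips checks like these ends up sizing buffers or
loops from attacker-controlled fields, which is the usual road to a crash
and therefore a denial of service on the PLC. Nothing here reproduces the
Nano-10 issue, whose details are not in the advisory.
"""
import struct

MBAP_LEN = 7                 # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260                # MBAP header + 253-byte PDU, the Modbus/TCP ceiling
MODBUS_PROTOCOL_ID = 0
FC_READ_HOLDING_REGISTERS = 0x03
MAX_READ_REGISTERS = 125     # spec limit on quantity for FC 3


class ModbusFrameError(ValueError):
    """Raised for any frame that should be dropped rather than processed."""


def parse_request(frame: bytes) -> dict:
    """Validate every field of a Modbus/TCP request before trusting it."""
    if len(frame) < MBAP_LEN + 1:
        raise ModbusFrameError("shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        raise ModbusFrameError("exceeds maximum Modbus/TCP ADU size")

    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != MODBUS_PROTOCOL_ID:
        raise ModbusFrameError(f"protocol id {pid} is not Modbus")
    # The length field counts unit id + PDU. Never size a buffer from it
    # without comparing it to the number of bytes actually received.
    if length != len(frame) - (MBAP_LEN - 1):
        raise ModbusFrameError(f"length field {length} disagrees with frame size")

    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc == 0 or fc >= 0x80:
        raise ModbusFrameError(f"function code {fc:#04x} is not a valid request")

    parsed = {"transaction_id": tid, "unit_id": unit, "function_code": fc}

    if fc == FC_READ_HOLDING_REGISTERS:
        if len(pdu) != 5:
            raise ModbusFrameError("FC 3 request must carry exactly 4 data bytes")
        start, quantity = struct.unpack(">HH", pdu[1:5])
        # Without this bound a server tries to build a 2*65535-byte reply.
        if not 1 <= quantity <= MAX_READ_REGISTERS:
            raise ModbusFrameError(f"quantity {quantity} outside 1..{MAX_READ_REGISTERS}")
        if start + quantity > 0x10000:
            raise ModbusFrameError("register range wraps past the address space")
        parsed.update(start=start, quantity=quantity)
    else:
        parsed["data"] = pdu[1:]
    return parsed


def check_frame(frame: bytes):
    """Non-raising wrapper: returns (True, parsed) or (False, reason)."""
    try:
        return True, parse_request(frame)
    except ModbusFrameError as exc:
        return False, str(exc)


# Constructed sample frames (hand-built for this example, not captured traffic).
SAMPLE_FRAMES = {
    # tid=1, pid=0, len=6, unit=1, FC 3, start 0, quantity 10: a normal read
    "valid_read":     bytes.fromhex("0001 0000 0006 01 03 0000 000a"),
    # length field claims 256 bytes but only 6 follow it
    "bad_length":     bytes.fromhex("0001 0000 0100 01 03 0000 000a"),
    # quantity 0xFFFF: a reply sized from this field would be about 128 KiB
    "huge_quantity":  bytes.fromhex("0001 0000 0006 01 03 0000 ffff"),
    # MBAP header only, no function code
    "truncated":      bytes.fromhex("0001 0000 0001 01"),
    # non-zero protocol id
    "wrong_protocol": bytes.fromhex("0001 0001 0006 01 03 0000 000a"),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        ok, detail = check_frame(frame)
        print(f"{name:15s} {'ACCEPT' if ok else 'DROP  '} {detail}")
```

Run stand-alone it accepts only the first frame and reports why each of the others is dropped. The point for the firewall discussion above is that a PLC whose own parser does this is safe from these frames wherever they come from; one that relies on the 502/TCP rule is safe only from frames crossing the business/control boundary.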