This morning the DHS ICS-CERT published a new advisory for a predictable TCP sequence vulnerability in Eaton’s Cooper Power Systems controls and relays. The vulnerability was initially reported by Dr. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech. Eaton’s Cooper has produced a patch to mitigate the vulnerability and ICS-CERT reports that the researchers have validated the efficacy of the patch.
ICS-CERT reports that a skilled attacker could remotely exploit this vulnerability to execute a man-in-the-middle attack.
The Eaton’s Cooper advisory notes that by “ensuring that controls are not accessible from external networks and that appropriate physical security measures are provided at network access points, any risks associated with this vulnerability are greatly minimized”. They also note that the “vulnerability could allow for the potential of spoofing attacks and session hijacking”.
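For a system owner who wants to confirm that a control's TCP stack no longer hands out predictable initial sequence numbers (before and after applying the patch), the following is an added illustration, not code from Eaton, ICS-CERT or the Georgia Tech researchers. It assumes the owner has already captured a short series of ISNs from the device's own SYN-ACK replies on a test network; the ISN samples below are constructed, and the "predictability index" is a crude statistic of the author's own choosing, not a vendor metric.

```python
import math
import random
import statistics

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Signed differences between consecutive ISNs, with 32-bit wrap handled
    so a counter that passes 0xFFFFFFFF still shows its true step."""
    deltas = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        if d >= MOD // 2:  # interpret large positive wraps as small negative steps
            d -= MOD
        deltas.append(d)
    return deltas


def predictability_index(isns):
    """0 means each ISN is fully determined by the previous one; larger values
    mean more spread in the increments (assumed scale: 8 * log2 of the
    standard deviation of the deltas)."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    sd = statistics.pstdev(deltas)
    return 0 if sd < 1 else int(round(math.log2(sd) * 8))


def classify_isn_generator(isns):
    """Rough triage of an ISN generator. A constant increment is the classic
    predictable pattern; a handful of samples can flag weakness but can never
    prove that a generator is actually random."""
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant-increment"
    if predictability_index(isns) < 80:
        return "low-variance"
    return "random-like"


# Constructed samples (not captured from any real device):
LINEAR_SAMPLE = [0x2000_0000 + 64000 * i for i in range(10)]   # fixed step
WRAP_SAMPLE = [(0xFFFF_0000 + 64000 * i) % MOD for i in range(10)]  # step crosses 2^32
_rng = random.Random(7)
RANDOM_SAMPLE = [_rng.getrandbits(32) for _ in range(10)]      # random-looking

if __name__ == "__main__":
    for name, sample in [("linear", LINEAR_SAMPLE), ("wrap", WRAP_SAMPLE),
                         ("random", RANDOM_SAMPLE)]:
        print(name, classify_isn_generator(sample), predictability_index(sample))
```

Any device classified as constant-increment or low-variance should be treated as exposed to the spoofing and session-hijacking risk the advisory describes until it is patched and isolated from external networks.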
ICS-CERT reports that it released this advisory to the US-CERT Secure Portal on January 6th. The company advisory was not issued until July 6th, after the patches had been made available. The fact that the advisory was posted to the Secure Portal so early in the coordination process indicates how serious this vulnerability can be, and it reinforces the need for system owners to check the Secure Portal regularly for information on critical vulnerabilities.