Friday, September 17, 2010

ICS-CERT Alert – BACnet OPC Client

Today the DHS ICS-CERT updated the Control System Security Program web page with a link to their alert about a buffer overflow vulnerability on the SCADA Engine BACnet OPC Client Buffer.

SCADA Engine is a Building Automation Software development company. Their version of the BACnet OPC Client allows for the connection of an OPC compliant workstation, through the OPC Server to the BACnet network. That network controls building services including:

● Heating, Cooling and Ventilation.
● Chillers, Boilers .
● Air Handling Units.
● Security, Lighting.
● Miscellaneous equipment.
According to the Alert the buffer overflow vulnerability “can be exploited to create a stack-based buffer overflow when a user opens a specially crafted file (e.g., *.csv file)”. The BACnet OPC Client uses a *.csv file for storing the OPC Tag database. So it is not unusual for system users to see *.csv files.

This vulnerability could potentially be exploited to allow an attacker to exercise control over the system by “arbitrary code execution”. This could allow alarms to be turned on or off, manipulate ventilation controls, and control networked building security devices.

According to the Alert there is not currently a patch or workaround available for this vulnerability. The current best defense is for system owners and operators to take extreme caution when opening unexpected or untrusted *.csv files. The ICS-CERT is in the process of contacting the vendor and will provide updates as appropriate.

No comments:

/* Use this with templates/template-twocol.html */