Monday, November 1, 2010

Another Moxa Device Issue

DHS ICS-CERT published an Advisory on their Control Systems Security Program page today concerning a buffer overflow issue that has been indentified on the MOXA Device Manager (MDM, Version 2.1). ICS-CERT reports that they are working with Moxa to develop a new version of the software without this vulnerability.

The Advisory notes that this vulnerability appears that it would be difficult to exploit because “control of the MDM Gateway is necessary since the vulnerable function is exposed during communication between the MDM Tool and MDM Gateway”.

Mitigation Recommendations

DHS ICS-CERT recommends:

• Update version 2.1 to the new MDM version when it is released.
• Ensure network protection for the MDM Tool, Gateway, and Agents to protect communications between these systems.
• Encourage asset owners to minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls, and be separate from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.
• Refer to the Control System Security Program Recommended Practices section for control systems on the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies [note the printed URL in the Advisory is incorrect, though clicking on the link works].

No comments:

/* Use this with templates/template-twocol.html */