The DHS ICS-CERT Advisory provides the following updated mitigation measures that should be considered by RealWin SCADA users:
• Update RealWin to Version 2.1.10 (Build 6.1.10).As with all industrial control system mitigation suggestions ICS-CERT recommends that “administrators should consult their control systems vendor prior to making any control system changes”.
• Ensure that your firewall is restricting access to TCP port 912. RealWin does not require external access to port 912 as it is only used internally on the PC between the communication modules and the RealWin module.
• Encourage asset owners to minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls, and be separate from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.
• Refer to the Control System Security Program Recommended Practices section for control systems on the US-CERT web site. Several recommended practices are available for reading or downloading, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
The advisory also notifies users of this system that there is a publicly available exploit published for this vulnerability and as well as a Metasploit module. It also notes that an intermediate skill level hacker could exploit this vulnerability.
No comments:
Post a Comment