Tuesday, November 9, 2010

ICS-CERT Advisory on RealWin SCADA Vulnerability

This afternoon the DHS ICS-CERT published an advisory on the RealWin SCADA vulnerability that it first reported in an alert published last week (Note: this links to my blog post; links to the Alert no longer appear to be working). The new advisory reports that RealWin Technologies has provided an update to their RealWin SCADA software that eliminates the buffer overflow vulnerability.

The DHS ICS-CERT Advisory provides the following updated mitigation measures that should be considered by RealWin SCADA users:

• Update RealWin to Version 2.1.10 (Build 6.1.10).
• Ensure that your firewall is restricting access to TCP port 912. RealWin does not require external access to port 912 as it is only used internally on the PC between the communication modules and the RealWin module.
• Encourage asset owners to minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls, and be separate from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.
• Refer to the Control System Security Program Recommended Practices section for control systems on the US-CERT web site. Several recommended practices are available for reading or downloading, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

As with all industrial control system mitigation suggestions, ICS-CERT recommends that “administrators should consult their control systems vendor prior to making any control system changes”.
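
One way to check the port 912 mitigation on a RealWin host, as an added example (not code from the advisory or the vendor): it parses Windows `netstat -an` output and flags TCP 912 listeners bound beyond loopback, plus established sessions on that port from other hosts. The sample output and the function names are constructed for illustration.

```python
import ipaddress

REALWIN_PORT = 912  # TCP port named in the advisory

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:912          127.0.0.1:49301        ESTABLISHED
  TCP    192.168.10.5:912       192.168.10.77:51544    ESTABLISHED
  TCP    192.168.10.5:49310     192.168.10.9:9120      ESTABLISHED
  TCP    [::]:912               [::]:0                 LISTENING
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)


def audit_port_912(netstat_text, port=REALWIN_PORT):
    """Return (finding, local, remote) tuples for non-local use of the port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, UDP, or blank line
        local_ip, local_port = split_endpoint(fields[1])
        remote_ip, _ = split_endpoint(fields[2])
        if local_port != port:
            continue
        state = fields[3]
        if state == "LISTENING" and not local_ip.is_loopback:
            # Bound to all interfaces or a NIC address: only the firewall
            # stands between this listener and the network.
            findings.append(("exposed-listener", fields[1], fields[2]))
        elif (state == "ESTABLISHED" and not remote_ip.is_loopback
              and remote_ip != local_ip):
            # The advisory says 912 is used only internally on the PC.
            findings.append(("remote-peer", fields[1], fields[2]))
    return findings


if __name__ == "__main__":
    for finding in audit_port_912(SAMPLE_NETSTAT):
        print(*finding)
```

An empty result means the port is only in use on loopback; any finding is a reason to review the firewall rule for TCP 912.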

The advisory also notifies users of this system that a publicly available exploit has been published for this vulnerability, as well as a Metasploit module. It also notes that an intermediate skill level hacker could exploit this vulnerability.
