ICS-CERT Publishes Another SCADA Vulnerability Alert

This afternoon DHS ICS-CERT published a very brief alert about a reported vulnerability in RealFlex’s Realwin SCADA software product on the DHS Control Systems Security Program web site. This alert is based upon an undisclosed security researcher’s published information. DHS is reaching out to both the researcher and RealFlex to validate the claim and, if validated, work with the vender to fix the problem.

Realwin is a SCADA server product used in the power, oil and gas, water and wastewater, marine, transport, chemical, manufacturing, and telecommunications sectors. The reported vulnerability is that the service listening on TCP port 912 is vulnerable to multiple stack-based buffer overflows from specially crafted packets”.

At this point DHS ICS-CERT recommends the following generic mitigation efforts pending verification of the vulnerability and Realwin’s development of a patch or updated version of their software.

• Placing all control systems assets behind firewalls, separated from the business network.
• Implementing network or host-based firewall rules to limit network access to TCP port 912.
• Deploying secure remote access methods such as Virtual Private Networks (VPNs) for remote access.