The updated information includes the fact that the three vulnerabilities identified require the use of superadmin privileges. These would be very easy to obtain if the default logon and password are used on the system, meaning that it would not take much in the way of cyber skills to exploit these vulnerabilities. The Advisory notes that:
“The default user in Netbiter products has superadmin privileges. Therefore, ICS-CERT strongly recommends that customers change the default password immediately when commissioning the product.” (pg 3)
The vulnerabilities affect Intellicom Netbiter products based on the NB100 and NB200 platforms, including:
• WebSCADA (WS100)
• WebSCADA (WS200)
• Easy Connect (EC150)
• Modbus RTU – TCP Gateway (MB100)
• Serial Ethernet Server (SS100).
A software update is being evaluated by Intellicom to correct one of the vulnerabilities, but it is not yet available for distribution.
In addition to changing default passwords immediately, DHS ICS-CERT recommends that organizations:
• Provide only the necessary privileges to non-administrator users of the product (least privileges mode of operation).
• Place all control systems assets behind firewalls and isolated from the business network and the Internet.
• Deploy secure remote access methods such as Virtual Private Networks (VPNs) for remote access.
• Remove, disable, or rename any default system accounts (where possible).
• Implement account lockout policies to reduce the risk from brute forcing attempts.
• Implement policies requiring the use of strong passwords.
• Monitor the creation of administrator level accounts by third-party vendors.
Finally, ICS-CERT reminds organizations that proper impact analysis and risk assessment should be performed prior to taking defensive measures.