Friday, November 12, 2010

New Update on Intellicom’s Netbiter WebSCADA Vulnerabilities

This afternoon the DHS ICS-CERT published an advisory on their Control System Security Program page providing updated information on the Intellicom Netbiter WebSCADA vulnerabilities, the subject of an alert they originally published last month.

The updated information includes the fact that the three vulnerabilities identified require the use of superadmin privileges. This would be very easy to obtain if the default logon and password are used on the system, meaning that it would not take much in the way of cyber skills to exploit these vulnerabilities. The Advisory notes that:

“The default user in Netbiter products has superadmin privileges. Therefore, ICS-CERT strongly recommends that customers change the default password immediately when commissioning the product.” (pg 3)

The vulnerabilities affect Intellicom Netbiter products based on the NB100 and NB200 platforms, including:

• WebSCADA (WS100)
• WebSCADA (WS200)
• Easy Connect (EC150)
• Modbus RTU – TCP Gateway (MB100)
• Serial Ethernet Server (SS100).

A software update is being evaluated by Intellicom to correct one of the vulnerabilities, but it is not yet available for distribution.

In addition to changing default passwords immediately, DHS ICS-CERT recommends that organizations:

• Provide only the necessary privileges to non-administrator users of the product (least privileges mode of operation).
• Place all control systems assets behind firewalls and isolated from the business network and the Internet.
• Deploy secure remote access methods such as Virtual Private Networks (VPNs) for remote access.
• Remove, disable, or rename any default system accounts (where possible).
• Implement account lockout policies to reduce the risk from brute forcing attempts.
• Implement policies requiring the use of strong passwords.
• Monitor the creation of administrator level accounts by third-party vendors.

Finally, ICS-CERT reminds organizations that proper impact analysis and risk assessment should be performed prior to taking defensive measures.
