Wednesday, December 29, 2010

DHS Addresses Two Ecava IntegraXor Vulnerabilities

Yesterday evening the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) took the unusual action of publishing two documents on vulnerabilities in the same SCADA system, the Ecava IntegraXor. The first is a follow-up to an earlier Alert and the second is a new alert about a newly reported vulnerability.

Directory Traversal Vulnerability

Last week ICS-CERT published an alert about a directory traversal vulnerability in the Ecava IntegraXor Human Machine Interface (HMI). At the time of the alert there were no specific mitigation measures available to respond to the vulnerability. Yesterday ICS-CERT published an Advisory on this vulnerability providing newly released information on a patch (along with a point of contact for additional support information) made available by Ecava Sdn Bhd, the Malaysia-based software development company that provides the IntegraXor product.

Additionally ICS-CERT makes their routine recommendation to “Minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls and be isolated from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be used.” They also provided their standard risk assessment caveat for both this standard mitigation technique and the patch.

ICS-CERT notes that this vulnerability would allow an attacker with a low skill level to add an arbitrary path and files to the system and to read any file within the system. The vulnerability is exploitable using publicly available tools from a remote system.

DLL Hijacking Vulnerability

DHS published an Alert on a second vulnerability, this one dealing with a susceptibility to DLL hijacking attacks. The Alert reports that there are tools publicly available to exploit this vulnerability and that ICS-CERT is working with the Ecava on mitigation options. When more information becomes available, ICS-CERT will issue the appropriate advisories.

No comments:

/* Use this with templates/template-twocol.html */