DHS ICS-CERT Issues Ecava IntegraXor Advisory

Yesterday afternoon the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an advisory about a buffer overflow vulnerability for the Ecava IntegraXor Human-Machine Interface (HMI). The vulnerability was discovered by Jeremy Brown, an independent security researcher and has been addressed by Ecava, who has released a patch to mitigate the vulnerability.

ICS-CERT notes that this stack based buffer overflow could allow an attacker with an intermediate skill level to remotely exploit the vulnerability, allowing the execution of arbitrary code. There is currently no known exploit published for this vulnerability.

ICS-CERT recommends the following mitigation measures after conducting a proper impact analysis and risk assessment:

• Update IntegraXor to the latest version and install the latest patch. For more information, customers can contact Ecava support at support@integraxor.com.
• Minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Control system networks and remote devices should be located behind firewalls, and be isolated from the business network. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.