ICS-CERT notes that exploit code for this vulnerability has been published and expects that an attacker with a moderate skill level could remotely exploit this vulnerability. The buffer-overflow vulnerability could lead to a denial of service (DoS) or potentially allow an attacker to execute arbitrary code.
ICS-CERT recommends the following mitigation measures:
● “Install the patch when it is released. ICS-CERT will provide an update to this Advisory when a patch is released.”
● “Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.”
● “Control system networks and devices should be located behind firewalls and isolated from the business network. Access to TCP Port 9001 should be restricted. If remote access is required, secure methods such as Virtual Private Networks (VPNs) should be utilized.”
As always ICS-CERT provides their standard caveat about applying defensive measures: “ICS-CERT reminds organizations that proper impact analysis and risk assessment should be performed prior to taking defensive measures.”
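One way to check the TCP Port 9001 restriction recommended above, as an added example that is not from the advisory or the original post: a small Python audit that walks an iptables-save style chain with first-match semantics and reports which source addresses can still reach the port. The rulesets, addresses and function names are constructed for illustration, and the 10.8.0.0/24 VPN range is an assumption.

```python
import ipaddress

PORT = 9001  # TCP port named in the advisory

# Constructed iptables-save style rulesets (all addresses are made up).
WEAK = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp --dport 9001 -j ACCEPT
"""
HARDENED = """\
:FORWARD DROP [0:0]
-A FORWARD -s 10.8.0.0/24 -p tcp --dport 9001 -j ACCEPT
-A FORWARD -p tcp --dport 9001 -j DROP
"""
# Constructed vantage points: VPN client, business LAN host, Internet host.
SOURCES = ["10.8.0.15", "192.168.10.20", "203.0.113.7"]

def verdict(ruleset, src, chain="FORWARD", port=PORT):
    """First-match verdict for a TCP packet from src to `port` in one chain.

    Understands only -s, -p, --dport and -j. Any other option raises
    ValueError so the audit never silently misjudges a rule.
    """
    addr = ipaddress.ip_address(src)
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if tok and tok[0] == f":{chain}":
            policy = tok[1]  # chain default policy
            continue
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        unknown = set(opts) - {"-s", "-p", "--dport", "-j"}
        if unknown:
            raise ValueError(f"unsupported option {sorted(unknown)} in: {line}")
        if opts.get("-p", "tcp") not in ("tcp", "all"):
            continue
        if "--dport" in opts and int(opts["--dport"]) != port:
            continue
        if "-s" in opts and addr not in ipaddress.ip_network(opts["-s"]):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

def exposed_sources(ruleset, candidates=SOURCES):
    """Return the candidate source addresses that can reach the port."""
    return [s for s in candidates if verdict(ruleset, s) == "ACCEPT"]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", exposed_sources(rules))
```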
The advisory notes that Invensys has a Cyber Security Updates site, but does not provide a link to that site. There is no mention that I could find of such a site on their publicly accessible web pages; if it exists it is behind the registered user barrier. [NOTE: I just got an email from CERT SOC; they provided the missing link, http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx , and noted that the Advisory will be corrected tomorrow. 8:49 pm EST]
ICS-CERT will update this advisory when a patch is released.