Wednesday, March 16, 2011

Two ICS-CERT Advisories Published

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published advisories for two SCADA systems; Progea’s Movicon 11 HMI and WellinTech’s KingView HMI. The vulnerabilities in both cases have been verified and patches are available.

Movicon 11 HMI

The vulnerability in this human machine interface (HMI) software may allow a remote attacker with moderate skill level to manipulate data or crash the server. There is no known exploit available for this vulnerability.

In addition to installing the available patch, ICS-CERT recommends consideration of the following mitigation measures:

• Implement firewall rules to limit network access to the Movicon system on Port 10651/TCP.

• Update Movicon to the latest Version 11.2.

• Minimize network exposure for all control system devices. Critical devices should not directly face the Internet.
KingView HMI

A stack-based buffer overflow vulnerability in this HMI software may allow a remote attacker with moderate skill level to execute arbitrary code. An exploit is publicly available for this vulnerability. ICS-CERT has listed this vulnerability under a different number than their previous alert on the KingView system, so it is apparently a separate vulnerability.

ICS-CERT recommends replacing the vulnerable .DLL file with the updated version available from WellinTech.

No comments:

/* Use this with templates/template-twocol.html */