Saturday, July 2, 2011

ICS-CERT Publishes 3 Advisories

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published three new advisories for vulnerabilities identified in SCADA systems from two different vendors: Siemens and ICONICS. All three advisories address vulnerabilities that are significantly different from the standard run of HMI vulnerabilities we have become used to seeing.

Siemens Vulnerabilities

The Siemens advisory deals with exploitable crash vulnerabilities in the WinCC system. These are not related to the Siemens vulnerabilities identified by Dillon Beresford that caused so much controversy back in May. A restricted-access version of this advisory was previously published on the US-CERT site.

According to ICS-CERT, these vulnerabilities could be exploited by a moderately skilled attacker and could potentially result in execution of arbitrary code. An attacker would need to employ a social engineering vector to get a user to load a corrupted file; the advisory does not describe a way to trigger the crash without that user action.

Siemens has released a patch for the identified vulnerabilities.

ICONICS Vulnerabilities

Two separate advisories were published for vulnerabilities in the ICONICS GENESIS32 and BizViz systems. The first details a vulnerability in an ActiveX control that allows an arbitrary domain to be added to the trusted zone. The second describes a vulnerability in the Security Login Controls that could allow execution of arbitrary code or denial of service. The reason for the separate advisories is that the two vulnerabilities are found in different versions of the systems.

The trusted zone vulnerability is remotely exploitable. A moderately skilled attacker could create the website required to exploit it. There is no known publicly available exploit for this vulnerability. An upgrade is recommended, but a patch is also available on the ICONICS web site.
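The advisory summarized above says only that the ActiveX control lets an arbitrary domain be placed in the trusted zone; it does not say how the control does it, and nothing here reproduces that. Independently of the mechanism, an operator can audit which hosts currently sit in Internet Explorer's "Trusted sites" zone, because zone assignments are stored per user and per machine under the ZoneMap\Domains registry keys (sub-keys spell the host name in reverse, and a value named for the scheme holds the zone id, with 2 meaning Trusted sites). The PowerShell audit below is an added example, not code from ICS-CERT, ICONICS or the researchers; the allow-list host name is a made-up placeholder that you would replace with the HMI web servers your site actually expects to be trusted.

```powershell
# Added example: list hosts mapped to Internet Explorer security zones and flag
# Trusted sites (zone id 2) entries that are not on an operator-maintained allow-list.
# The registry layout used here (ZoneMap\Domains\<domain>\<subdomain>, value name =
# scheme, value data = zone id) is standard Windows behaviour, not something from the advisory.

$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    # EscDomains holds the same structure when Enhanced Security Configuration is on (servers).
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
)

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ZoneMapEntries {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $rootName = (Get-Item -Path $root).Name
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            # Domains\example.com\www represents the host www.example.com, so reverse the path parts.
            # IP ranges appear as keys named RangeN with a ':Range' string value; those are reported by key name.
            $relative = $key.Name.Substring($rootName.Length).TrimStart('\')
            $parts = $relative -split '\\'
            [array]::Reverse($parts)
            $hostName = $parts -join '.'
            foreach ($scheme in $key.GetValueNames()) {
                $zone = $key.GetValue($scheme)
                if ($zone -isnot [int]) { continue }   # skip non-zone values such as ':Range'
                [pscustomobject]@{
                    Root   = $root
                    Host   = $hostName
                    Scheme = if ($scheme) { $scheme } else { '(default)' }
                    ZoneId = $zone
                    Zone   = $zoneNames[[int]$zone]
                }
            }
        }
    }
}

# Constructed allow-list for illustration: the HMI web hosts this site expects in Trusted sites.
$expectedTrusted = @('genesis-hmi.plant.example')   # hypothetical placeholder, not a real host

$trusted    = Get-ZoneMapEntries -Roots $roots | Where-Object { $_.ZoneId -eq 2 }
$unexpected = $trusted | Where-Object { $expectedTrusted -notcontains $_.Host }

$trusted | Format-Table Root, Host, Scheme, Zone -AutoSize
if ($unexpected) {
    Write-Warning ('Trusted sites entries not on the allow-list: ' + (($unexpected | ForEach-Object { $_.Host }) -join ', '))
}
```

Run it under the account that uses the HMI workstation (the HKCU hive is per user) and again with elevation for the HKLM entries; an unexplained host in the Trusted sites zone on an HMI station is worth investigating whether or not the GENESIS32 patch has been applied, since the zone assignment survives the patch.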

The login control vulnerability requires a specially crafted password to exploit. A low-skill attacker could use it to mount a denial of service attack, but more skill would be required to turn it into arbitrary code execution. Both forms of exploitation can be carried out remotely. Again, a system upgrade is recommended, but a patch is available.

ICONICS has updated their security whitepaper to reflect both of these vulnerabilities. Both patches and the white paper are available on the ICONICS web site.

Coordinated Disclosures

All three of these advisories were based upon vulnerabilities reported by the same pair of independent security researchers: Billy Rios and Terry McCorkle. ICS-CERT received the reports and coordinated their release with the vendors. The researchers have validated the patches.
