Sunday, October 2, 2011

ICS-CERT Issues Three SCADA Advisories

On Friday afternoon the DHS Industrial Control System Cyber Emergency Response Team published three advisories on their web site. One was a follow-up to one of the earlier Luigi alerts while the other two were about new vulnerabilities in systems reported by security researchers in ‘properly’ coordinated disclosures. The three advisories deal with the following systems:

• Rockwell RSLogix
• InduSoft ISSymbol
• ICONICS GENESIS32

Rockwell RSLogix


This Advisory updates an earlier alert issued for the vulnerabilities reported by Luigi. Rockwell has developed patches for these denial-of-service vulnerabilities in two versions of their FactoryTalk Services Platform (CPR9 SR3 and SR4). Patches are under development for earlier versions of FactoryTalk and for RSLogix. ICS-CERT will update this Advisory when those patches become available. [CVE-2011-3489; Base Score 5.0]

InduSoft ISSymbol


Dmitriy Pletnev of Secunia Research reported ActiveX control buffer overflow vulnerabilities in the InduSoft ISSymbol product and developed proof-of-concept exploit code for those vulnerabilities. The vulnerabilities allow a low-skilled attacker to conduct DoS attacks, while a more skilled attacker could execute arbitrary code. InduSoft has published an upgrade for the affected systems as well as a new service pack. [CVE-2011-0342; Base Score 10.0]

ICONICS GENESIS32


Independent researchers Billy Rios and Terry McCorkle have identified eight separate memory corruption vulnerabilities in components of the GENESIS32 HMI/SCADA product. A low-skilled attacker could cause a system crash, while a more skilled attacker could execute arbitrary code. Exploiting these vulnerabilities would require a social engineering attack causing a user to open specially crafted files. ICONICS has produced patches to mitigate these vulnerabilities.
