Saturday, October 8, 2011

ICS-CERT Updates Info on Two More Luigi Vulnerabilities

On Friday afternoon the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published two Advisories providing updated information on vulnerabilities in two products identified last month in the latest series of Luigi disclosures. The two systems are the Beckhoff TwinCAT and the Cogent Data Hub.

Beckhoff


ICS-CERT explains that a “read access violation can occur when a specially crafted packet is sent to Port 48899\UDP” (page 2). This could allow a relatively low skill level attacker to use the publicly available exploit code to remotely execute a denial of service (DOS) attack. A patch is available from Beckhoff. [CVSS Base Score 5.0]

Cogent


The Advisory lists multiple vulnerabilities for various versions of the Cogent Data Hubs. The vulnerabilities include:

• Stack Unicode Overflow [CVSS Base Score 10.0]

• Directory Traversal [CVSS Base Score 5.0]

• Integer Overflow [CVSS Base Score 5.0]

• Source Disclosure [CVSS Base Score 5.0]

An attacker with relatively low skill levels could use the publicly available exploit code to remotely execute a DOS attack on the affected systems. Higher skill levels would be needed to execute arbitrary code on the systems. Cogent has provided multiple detailed mitigation strategies for these vulnerabilities including an upgraded version to be used “if running in an untrusted environment” (page 3).

Luigi Disclosure Status


Of the six control systems identified by Luigi in September ICS-CERT has now provided advisories on five. The only system that remains to be addressed is Progea Movicon with its multiple vulnerabilities. Actually a response time of less than a month to address system vulnerabilities is not bad.

Just to keep things interesting Luigi TWEETED last night that “I will release some new vulnerabilities in SCADA/industrial products on Monday 10th, so stay tuned and if you have suggestions I'm here”.

No comments:

 
/* Use this with templates/template-twocol.html */