Wednesday, December 7, 2011

ICS-CERT Advisories on Two International SCADA Systems

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published advisories for two different industrial control systems from European companies; ARC Informatique and Sielco Sistemi. Both alerts deal with HMI related vulnerabilities.

ARC Informatique

This advisory provides updated information on an ICS-CERT alert issued in September for multiple ActiveX vulnerabilities in their PcVue system. The original alert was based upon an uncoordinated Luigi disclosure, but another researcher, Kuang-Chun Hung of Security Research and Service Institute Information and Communication Security Technology Center (ICST), had also initiated a coordinated disclosure on one of the vulnerabilities. Both researchers received credit in this advisory.

The four vulnerabilities identified in the initial alert have been verified and corrected by a patch provided by ARC Informatique. According to ICS-CERT it would take a moderately skilled attacker, using a social engineering style attack to successfully exploit these vulnerabilities

Sielco Sistemi

This advisory follows a limited distribution version that was made available on October 25th. Independent researcher Paul Davis identified a buffer overflow vulnerability in the Winlog HMI system. This vulnerability can only be exploited through a corrupted project file and could result in a system crash or execution of arbitrary code. New versions of the affected programs are available from the vendor.

CVE Link Problems

ICS-CERT continues to have problems with the links to the NIST CVE listings for these vulnerabilities. None of the CVE links published in these two advisories worked this morning. The error message for the Sielco Sistemi vulnerability said the CVE number did not exist and the ones for the ARC Informatique vulnerabilities said that the link did not provide a properly formatted CVI number.

I’m not sure if the problem is an ICS-CERT or an NIST problem, but it continues to plague the links in the ICS-CERT advisories.

No comments:

/* Use this with templates/template-twocol.html */