Wednesday, February 29, 2012

Late Robo-SCADA Vulnerability Advisory

Yesterday ICS-CERT published an advisory for a buffer overflow vulnerability in a number of ABB products associated with the control of industrial robots. The vulnerability was initially reported by Luigi and was coordinated through the Zero Day Intiative (ZDI). The vulnerability could allow a relatively low skilled attacker to execute a denial of service attack on the robot controllers while a skilled attacker could exploit the vulnerability to execute arbitrary code on the system. ABB has released a patch for the problem.

In short this is essentially your standard HMI buffer overflow situation on a specialized SCADA system. The only odd thing about this advisory is the timing. ZDI took care of the coordination between the vendor and the researcher (the same type thing that ICS-CERT does regularly) and published their report on the vulnerability after ABB made their patch available and contacted their customers. That was a week ago today.

Based upon past history we would have expected to see this advisory a day or two later. Okay, so maybe they missed it. Dale Peterson noted the ZDI report in his Friday News & Notes on Digital Bond last week. Missing both mentions is a bit of a stretch. Unfortunately, ICS-CERT hasn’t provided any explanation for the delay in releasing this advisory.

No comments:

/* Use this with templates/template-twocol.html */