Today the DHS ICS-CERT published two advisories for multiple vulnerabilities in Cogent Real-Time Systems and Rockwell FactoryTalk and RSLinx systems.
Cogent Advisory
This advisory describes multiple vulnerabilities reported by Dillon Beresford in the Cogent Real-Time Systems DataHub. The vulnerabilities include:
• Improper input validation, CVE-2013-0681;
• Buffer overflow, CVE-2013-0680;
• Invalid pointer, CVE-2013-0683; and
• Improper exception handling, CVE-2013-0682.
ICS-CERT reports that a relatively low skilled attacker could remotely execute denial of service attacks, while a more skilled attacker may be able to execute arbitrary code. Actually, the invalid pointer vulnerability only affects the DataSim and DataPid demonstration tools, not the DataHub itself.
Cogent has provided a number of mitigation suggestions, covering port settings, firewall configuration and turning off the web server, to isolate the reported vulnerabilities. They also suggest upgrading to newer versions of the applications that do not have the reported vulnerabilities. This dual path for mitigations gives owners options for choosing the most cost-effective mitigation measures for their particular operation.
BTW: There is no mention of whether or not Beresford or
ICS-CERT has verified that the updated versions of these applications actually
eliminate the reported vulnerabilities.
Rockwell Advisory
This advisory describes multiple vulnerabilities in Rockwell Automation’s FactoryTalk Services Platform and RSLinx Enterprise Software reported by Carsten Eiram of Risk Based Security.
The vulnerabilities include:
• Integer overflow – negative integer, CVE-2012-4713;
• Integer overflow – over-size integer, CVE-2012-4714;
• Improper exception handling, CVE-2012-4695; and
• Buffer overflow, CVE-2012-4715.
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit these vulnerabilities to execute a DoS attack and
perhaps execute code insertion. The advisory notes that Rockwell has produced
(and self-validated) patches for newer versions of the software and recommends
upgrading from older versions that will not be patched.
This is the classic upgrade/patch response to control system vulnerabilities. Unfortunately, it is not always easy, or even possible, to patch or upgrade software in a control system in a timely manner. This is why the Cogent response is a more user-friendly method of vulnerability mitigation.