Yesterday the DHS ICS-CERT published an advisory [an alert reader noted that this link is now dead, it seems that ICS-CERT has deleted just the original advisory, versions A and B are still available on the ICS-CERT web site. This may get corrected after the federal government funding is restored]for
an undisclosed function vulnerability in the Sixnet universal protocol. The
vulnerability was identified by Mehdi Sabraoui in a coordinated disclosure.
(NOTE: It appears that Mehdi will be discussing Sixnet testing at DerbyCon –
Friday, 9-27-13; 3:30).
ICS-CERT reports that a relatively unskilled attacker could
use the undocumented codes to remotely execute arbitrary code on the system.
The advisory notes that network access is required for exploitation, but the
vulnerable systems are designed for remote access.
The advisory notes that Sixnet has developed a new version
(4.8) of the RTU firmware (available through customer service) that requires
authentication before the newly identified ops codes can be used. There is no
indication that Sabraoui has verified the efficacy of the updated firmware. It
appears that older versions of the firmware are still available for download on
the Sixnet
web site.
Posts
No comments:
Post a Comment