ICS-CERT Publishes New Type Crain-Sistrunk Advisory

Today the DHS ICS-CERT published the latest version of the Crain-Sistrunk advisory; a buffer overflow vulnerability in the SUBNET SubSTATION Server 2, Telegyr 8979 Master application. The vulnerability was detected as part of the Automatak Project Robus use of a new fuzzer targeting Telegyr 8879 telecontrol protocol implementations. SUBNET has produced a hotfix for the vulnerability that Crain-Sistrunk have validated as successfully mitigating the vulnerability.

ICS-CERT reports that a moderate to highly skilled attacker could remotely exploit this vulnerability to execute a DOS attack. SUBNET discovered a closely related vulnerability during their investigation of the Crain-Sistrunk report. Both vulnerabilities are addressed by the hotfix.

NOTE: Since this is a critical infrastructure vulnerability, ICS-CERT published this vulnerability report on the US-CERT Secure Portal on July 15^th. If you are associated with electrical distribution network security you just might want to sign up for access to the US-CERT Secure Portal for early notification of future Crain-Sistrunk Telegry 8879 vulnerability reports.