Tuesday, June 2, 2015

ICS-CERT Publishes Two Advisories

This morning the DHS ICS-CERT published two new control system advisories: one for Moxa SoftCMS and the other for Beckwith Electric TCP.

Moxa Advisory

This advisory describes a buffer overflow vulnerability in the SoftCMS software package that manages large-scale surveillance systems. The vulnerability was reported through HP’s Zero Day Initiative (ZDI) by Ariele Caltabian. Moxa has developed a new version that mitigates the vulnerability, but there is no indication that Caltabian has been given the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit this vulnerability to execute arbitrary code.

Beckwith Electric Advisory

This advisory describes a TCP initial sequence number vulnerability in two of Beckwith Electric’s digital voltage regulator controllers. The vulnerability was initially reported in two devices by Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech. Subsequent work by Beckwith Electric disclosed similar vulnerabilities in four other devices. Beckwith has produced firmware updates for five of the six devices, and the researchers have verified the efficacy of the fix in the original two devices. A separate mitigation measure is being made available for the other device (the M-6280 Digital Capacitor Bank Control).

ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to spoof a TCP connection to the device.

As always I would like to commend Beckwith Electric for taking the extra effort to uncover similar vulnerabilities in other devices. This indicates a proactive approach to control system security design.
