This afternoon the DHS ICS-CERT published two advisories for
vulnerabilities in industrial control systems from Schneider Electric and Wind
River.
Schneider Advisory
This advisory
describes a fixed search path vulnerability (Schneider
calls it a binary planting vulnerability) in the Wonderware System
Platform. The vulnerability was reported by Ivan Sanchez of WiseSecurity Team.
Schneider has produced a patch to mitigate the vulnerability and, according to
ICS-CERT, Sanchez has verified the efficacy of the fix.
ICS-CERT reports that this vulnerability would require a
social engineering attack to get an authorized user to load a specially configured
DLL file. A successful exploit would allow execution of arbitrary code.
Wind River Advisory
This advisory
describes a TCP predictability vulnerability in the VxWorks operating system.
The vulnerability was reported by Raheem Beyah, David Formby, and San Shin Jung
of Georgia Tech. Wind River has produced patches for the vulnerability, but
there is no indication that the Georgia Tech team has been given the
opportunity to verify the efficacy of the fix.
ICS-CERT reports that VxWorks is used in a number of ICS
devices from a number of vendors. The VxWorks web site notes that
the operating system is used in drones, medical devices and consumer IoT
devices in addition to the ICS devices. ICS-CERT has contacted a number of
vendors about the vulnerability. To date, only Schneider Electric has produced
a firmware patch to fix the VxWorks vulnerability in some of their SAGE
RTUs. Additional updates to the advisory will be issued when additional vendor
information becomes available.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability to spoof or disrupt TCP connections to the
affected devices. The Schneider
advisory for the Sage RTUs notes that a successful exploit
could allow a man-in-the-middle attack.