This morning the DHS ICS-CERT published a new advisory
for a predictable TCP sequence vulnerability in Eaton’s Cooper Power Systems
controls and relays. The vulnerability was initially reported by Dr. Raheem
Beyah, David Formby, and San Shin Jung of Georgia Tech. Eaton’s Cooper has
produced a patch to mitigate the vulnerability and ICS-CERT reports that the
researchers have validated the efficacy of the patch.
ICS-CERT reports that a skilled attacker could remotely exploit this
vulnerability to execute a man-in-the-middle attack.
The Eaton’s Cooper advisory
notes that by “ensuring that controls are not accessible from external
networks and that appropriate physical security measures are provided at
network access points, any risks associated with this vulnerability are greatly
minimized”. They also note that the “vulnerability could allow for the
potential of spoofing attacks and session hijacking”.
ICS-CERT reports that they had released this advisory to the
US-CERT Secure Portal on January 6th. The company advisory was not
issued until July 6th, after the patches had been made available. The
fact that the advisory was issued on the Secure Portal so early in the
coordination process indicates how serious this vulnerability can be. It also
reinforces the need for system owners to regularly check the Secure Portal for
information on critical vulnerabilities.
BTW: The Schneider
update is still not listed on the ICS-CERT landing page. I
wonder what is going on. The updated advisory
is available; it is just not listed.