This afternoon the DHS ICS-CERT published two control system
advisories for systems from Eaton’s Cooper and Moxa.
Eaton’s Cooper Advisory
This advisory
describes an IEEE conformance issue involving improper frame padding in Eaton’s
Cooper Power Systems Form 6 controls and Idea/IdeaPLUS relays equipped with
Ethernet. The vulnerability was reported by David Formby and Raheem Beyah of
Georgia Tech. An updated version of the systems (associated with another recent
ICS-CERT Advisory) has been confirmed by the researchers to be free of the
vulnerability.
ICS-CERT reports that a relatively unskilled attacker with
network access to unencrypted packets would be able to read the leaked data.
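A passive check a defender can run over captured frames is shown below. It is an added example, not code from the advisory or the vendor. It assumes the leak shows up as non-zero pad bytes after the IPv4 datagram in short Ethernet frames, which the advisory summary above does not spell out; all function names and the sample frames are constructed for illustration.

```python
import struct

ETH_HDR = 14             # dst MAC + src MAC + EtherType
ETHERTYPE_IPV4 = 0x0800

def padding_of(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram in a captured frame (FCS stripped)."""
    if len(frame) < ETH_HDR + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("only untagged IPv4 frames are handled")
    total_len = struct.unpack("!H", frame[16:18])[0]   # IPv4 total-length field
    end = ETH_HDR + total_len
    if total_len < 20 or end > len(frame):
        raise ValueError("IPv4 total length inconsistent with frame size")
    return frame[end:]

def classify(frame: bytes) -> str:
    """Label a frame by what its pad bytes contain."""
    pad = padding_of(frame)
    if not pad:
        return "no-padding"
    return "zero-padded" if pad == bytes(len(pad)) else "nonzero-padding"

def build_frame(payload: bytes, pad: bytes) -> bytes:
    """Construct a sample frame (documentation addresses, checksum left at 0)."""
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + payload + pad

# Constructed samples: an 8-byte payload needs 18 pad bytes to reach 60 bytes.
SAMPLES = {
    "clean": build_frame(bytes(8), bytes(18)),
    "leaky": build_frame(bytes(8), (b"CONSTRUCTED-STALE-DATA")[:18]),
    "large": build_frame(bytes(100), b""),
}

def scan(frames: dict) -> list:
    """Return the names of frames whose padding is not all zeros."""
    return [name for name, f in frames.items() if classify(f) == "nonzero-padding"]

if __name__ == "__main__":
    for name, f in SAMPLES.items():
        print(name, len(f), classify(f), padding_of(f).hex())
```

Frames captured on the sending host itself are often recorded before the NIC pads them, so run the check on a capture taken elsewhere on the segment.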
This advisory was published on the US CERT Secure Portal on
October 22nd, 2015. Again, the early notification is available to
all critical infrastructure owners and legitimate researchers granted access by
ICS-CERT. See the bottom of the ICS-CERT
landing page for information on how to apply for this access.
This is the second advisory for this sort of issue. Both
were based upon reports by Formby and Beyah. How many more systems will they
find with this vulnerability? Who knows, perhaps vendors should start looking
themselves? Or not. Maybe Formby and Beyah can build a startup business on
their technique for finding this vulnerability and then expand it into other
areas of vulnerability research. I seem to recall another team that started out
in a similar manner.
BTW: Eaton’s Cooper calls
this a TCP/IP protocol stack vulnerability. It sounds a little bit more
impressive, but perhaps not quite as descriptive.
Moxa Advisory
This advisory
describes two vulnerabilities in the Moxa OnCell Central Manager Software. The
vulnerabilities were reported through the Zero Day Initiative by Andrea
Micalizzi. Moxa has produced a new version but there is no indication that Micalizzi
has been provided an opportunity to verify the efficacy of the fix.
The two vulnerabilities are:
• Use of hard-coded credentials - CVE-2015-6481; and
• Authentication by-pass issues - CVE-2015-6480.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to gain full system access.
BTW: The Moxa release
notes on the new version do list the authentication by-pass issue, but do
not mention the hard-coded credentials.