ICS-CERT: Open Automation Software OPC Systems.NET Vulnerabilities

Friday, January 27, 2012


This Advisory is a follow-up to “ICS-ALERT-11-285-01—Open Automation Software OPC Systems.NET vulnerability” that was posted on the ICS-CERT website on October 12, 2011.

Independent researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept (PoC) exploit code. This public report was released without coordination with Open Automation Software, ICS-CERT, or any other coordinating entity known to ICS-CERT.

ICS-CERT has coordinated this vulnerability with Open Automation Software, and they have produced an update that resolves this vulnerability. Luigi Auriemma has tested the update and has confirmed that it resolves the vulnerability.

--------- Begin Update A Part 1 of 2 --------

On January 20, 2012, Digital Security Research Group publicly reported a buffer overflow vulnerability in a third-party ActiveX control in OPC Systems.NET. This public report was released without coordination with Open Automation Software, ICS-CERT, or any other coordinating entity known to ICS-CERT.

--------- End Update A Part 1 of 2 --------

AFFECTED PRODUCTS

All versions of OPC Systems.NET prior to Version 5.0 are affected.

IMPACT

A malformed packet could be sent remotely to cause a denial of service.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their control system environment, architecture, and product implementation.

BACKGROUND

Open Automation Software is a US-based company that provides .NET products for supervisory control and data acquisition (SCADA) and human-machine interfaces (HMI) applications.

According to Open Automation Software, OPC Systems.NET is an HMI application that is deployed across several sectors including manufacturing, information technology, energy, water and wastewater, defense, and others. Open Automation Software estimates that these products are used throughout the world with primary use in the United States.

VULNERABILITY OVERVIEW

MALFORMED PACKET VULNERABILITY

The vulnerability is exploitable by sending a malformed .NET Remote Procedure Call (RPC) packet to cause a denial of service through Port 58723/TCP. CVE-2011-4871 has been assigned to this vulnerability.

--------- Begin Update A Part 2 of 2 --------

BUFFER OVERFLOW VULNERABILITY

Third-party ActiveX component FlexGrid 7.1 is vulnerable to a buffer overflow attack. CVE-2012-0227 has been assigned to this vulnerability.

--------- End Update A Part 2 of 2 --------

EXPLOITABILITY

These vulnerabilities are remotely exploitable.

EXISTENCE OF EXPLOIT

Public exploits are known to target these vulnerabilities.

DIFFICULTY

Crafting working exploits for these vulnerabilities requires moderate skill.

MITIGATION

Open Automation Software has released OPC Systems.NET Version 5.0, which resolves the reported vulnerabilities by removing the vulnerable component. Customers with vulnerable versions of Open Automation Software OPC Systems.NET should deploy the update, which is available at:

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf
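Added example, not part of the ICS-CERT advisory or of Open Automation Software's code: a Python triage script that checks a constructed asset inventory against the two findings above (OPC Systems.NET releases before 5.0 for CVE-2011-4871, the FlexGrid 7.1 ActiveX control for CVE-2012-0227) and notes where the 58723/TCP listener is present. The inventory format, field names and host names are assumptions.

```python
# Added example: triage a constructed asset inventory against ICSA-12-012-01A.
# Assumed (hypothetical) inventory format: one dict per host with the installed
# OPC Systems.NET version, its TCP listeners and installed ActiveX components.
import re

FIXED_VERSION = (5, 0)        # advisory: every release before 5.0 is affected
RPC_PORT = 58723              # .NET RPC listener named in the advisory
VULNERABLE_ACTIVEX = ("flexgrid", (7, 1))   # third-party control behind CVE-2012-0227


def parse_version(text):
    """Turn strings like '4.0.0.12', '5.0' or 'v4.1 beta' into a comparable int tuple."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(n) for n in nums)


def affected_by_cve_2011_4871(version):
    """Malformed-packet DoS: fixed in 5.0, so any lower version is affected."""
    return parse_version(version) < FIXED_VERSION


def triage(host):
    """Return the advisory findings that apply to one inventory record."""
    findings = []
    if affected_by_cve_2011_4871(host["version"]):
        note = f"CVE-2011-4871: OPC Systems.NET {host['version']} < 5.0, deploy Version 5.0"
        if RPC_PORT in host.get("tcp_listeners", ()):
            note += f"; TCP/{RPC_PORT} is listening, review who can reach it until updated"
        findings.append(note)
    for name, ver in host.get("activex", ()):
        if (name.lower(), parse_version(ver)) == VULNERABLE_ACTIVEX:
            findings.append(f"CVE-2012-0227: FlexGrid {ver} ActiveX present, removed in Version 5.0")
    return findings


# Constructed sample inventory (hypothetical hosts, not real systems).
INVENTORY = [
    {"host": "hmi-01", "version": "4.0.0.12", "tcp_listeners": [58723, 3389], "activex": [("FlexGrid", "7.1")]},
    {"host": "hmi-02", "version": "5.0", "tcp_listeners": [58723], "activex": []},
    {"host": "eng-ws", "version": "4.1", "tcp_listeners": [], "activex": [("FlexGrid", "8.0")]},
]


def triage_inventory(inventory):
    return {h["host"]: triage(h) for h in inventory}


if __name__ == "__main__":
    for host, findings in triage_inventory(INVENTORY).items():
        print(host, "->", findings or ["no advisory findings"])
```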
