ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

Wednesday, February 08, 2012


ICS-CERT originally released Advisory ICSA-12-013-01P on the US-CERT secure portal on January 13, 2012. This web page release was delayed to allow users time to download and install the update.

Researcher Kuang-Chun Hung of the Security Research and Service Institute Information and Communication Security Technology Center (ICST) has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system.

ICS-CERT has coordinated with Ing. Punzenberger COPA-DATA GmbH, which has produced an updated software release that resolves these vulnerabilities. ICST has tested the new release and verified that it fully resolves these vulnerabilities.

AFFECTED PRODUCTS

The following product version is affected: Ing. Punzenberger COPA-DATA GmbH zenon 6.51 SP0.

IMPACT

Successful exploitation of these vulnerabilities may allow an attacker to execute a DoS attack and potentially execute arbitrary code.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.

BACKGROUND

According to Ing. Punzenberger COPA-DATA GmbH, zenon is an HMI that offers a graphical visualization system that runs entirely under Windows. The zenon product is used by companies worldwide for equipment automation in the automotive, energy and infrastructure, food and beverage, and pharmaceutical industries.

The Ing. Punzenberger COPA-DATA GmbH distribution network includes offices in Austria (for Central and Eastern Europe), France, Germany, Italy, Korea, Portugal and Spain, Sweden, the UK, and the USA.

DENIAL OF SERVICE VULNERABILITY 1

A vulnerability exists that may allow an attacker to cause a DoS and possibly execute arbitrary code if the attacker sends a specially crafted packet to zenAdminSrv.exe on Port 50777/TCP. The vendor has assigned Reference Number 25240 to the available update. CVE-2011-4533 has been assigned to this vulnerability.

DENIAL OF SERVICE VULNERABILITY 2

A second vulnerability exists that could allow an attacker to crash the ZenSysSrv.exe service, resulting in a DoS and possibly allowing arbitrary code execution. This vulnerability can be exploited by connecting to and disconnecting from the ZenSysSrv.exe service on Port 1101/TCP multiple times. The vendor has assigned Reference Number 25212 to the available update. CVE-2011-4534 has been assigned to this vulnerability.

EXPLOITABILITY

These vulnerabilities are remotely exploitable.

EXISTENCE OF EXPLOIT

No known exploits specifically target these vulnerabilities.

DIFFICULTY

An attacker with a low skill level can create the DoS; executing arbitrary code would require a more skilled attacker.

MITIGATION

Ing. Punzenberger COPA-DATA GmbH recommends that customers take the following actions in order to prevent successful exploitation of these vulnerabilities:

• Properly configure network access to Ports 1101/TCP and 50777/TCP.

• Disable the ZenSysSrv.exe service. This service should only be enabled when necessary and disabled immediately after being used.

• Install the Ing. Punzenberger COPA-DATA GmbH update. Customers can obtain the update for their systems from their local support source by referring to either Reference Number 25212 or 25240.
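A detection-side companion to the first two mitigations, added here as an example; it is not part of the ICS-CERT advisory or of COPA-DATA's software. It reads a connection log (the key=value format and the sample lines are constructed for this example), reports any source outside an assumed allowlist of engineering workstations that reached the two zenon service ports named in the advisory, and flags sources that open repeated connections to 1101/TCP in a short window, the connect/disconnect churn pattern described for ZenSysSrv.exe. The allowlist, the burst threshold of 5 connections and the 60-second window are assumptions a site would tune to its own network.

```python
"""Exposure and churn detection for the zenon service ports in the advisory.

Added example, not the advisory's or the vendor's code. Assumes a generic
key=value connection log (constructed below), an allowlist of engineering
workstation addresses, and a burst threshold, all of which are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Ports and service executables as stated in the advisory.
ZENON_PORTS = {1101: "ZenSysSrv.exe", 50777: "zenAdminSrv.exe"}

# Assumption: only these engineering workstations may reach the zenon services.
ALLOWED_CLIENTS = {"10.10.1.20", "10.10.1.21"}

# Assumption: 5 or more connections to one port within 60 s is churn worth alerting on.
BURST_COUNT = 5
BURST_WINDOW_S = 60

# Constructed sample log: one accepted TCP connection per line.
SAMPLE_LOG = """\
2012-02-08T10:00:01Z src=10.10.1.20 dst=10.10.2.5 dport=50777 proto=tcp action=accept
2012-02-08T10:00:05Z src=10.10.1.20 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:01:00Z src=172.16.9.9 dst=10.10.2.5 dport=50777 proto=tcp action=accept
2012-02-08T10:02:00Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:02:02Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:02:04Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:02:06Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:02:08Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:02:10Z src=172.16.9.9 dst=10.10.2.5 dport=1101 proto=tcp action=accept
2012-02-08T10:30:00Z src=10.10.1.21 dst=10.10.2.5 dport=80 proto=tcp action=accept
"""


def parse_line(line):
    """Parse one 'TIMESTAMP key=value ...' line into a dict with a datetime and int port."""
    ts_text, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_unexpected_clients(records, allowed=ALLOWED_CLIENTS):
    """Mitigation check: which sources outside the allowlist reached a zenon service port?

    Returns a sorted list of unique (src, dport, service) tuples.
    """
    hits = set()
    for r in records:
        if r["dport"] in ZENON_PORTS and r["src"] not in allowed:
            hits.add((r["src"], r["dport"], ZENON_PORTS[r["dport"]]))
    return sorted(hits)


def find_connection_bursts(records, port=1101, count=BURST_COUNT, window_s=BURST_WINDOW_S):
    """Flag sources with `count` or more connections to `port` inside any `window_s` span.

    Uses a sliding window over each source's sorted timestamps; the result maps
    the source address to the largest burst seen.
    """
    by_src = defaultdict(list)
    for r in records:
        if r["dport"] == port and r["proto"] == "tcp":
            by_src[r["src"]].append(r["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            n = end - start + 1
            if n >= count:
                flagged[src] = max(flagged.get(src, 0), n)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, port, svc in find_unexpected_clients(recs):
        print(f"unexpected client {src} reached {svc} on {port}/tcp")
    for src, n in find_connection_bursts(recs).items():
        print(f"connection burst: {src} opened {n} connections to 1101/tcp within {BURST_WINDOW_S}s")
```

On the constructed sample the allowlist check reports the one outside address on both ports, and the burst check reports the same address for six connections to 1101/TCP in ten seconds while the single legitimate workstation connection is not flagged. In practice the log would come from the firewall or switch ACL that enforces the first mitigation, so the same data both proves the port restriction is in place and shows any traffic that slips past it.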

The full ICS-CERT advisory can be found here:

Source: http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf
