ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

Friday, May 18, 2012

Infosec Island Admin


ICS-CERT is aware of a public report of multiple vulnerabilities affecting Pro-face Pro-Server, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.

The vulnerabilities include invalid memory access, buffer overflow, unhandled exception, and memory corruption, with proof-of-concept (PoC) exploit code.

According to this report, these vulnerabilities are exploitable via specially crafted packets. This report was released by researcher Luigi Auriemma on his website without coordination with either the vendor or ICS-CERT.

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. No patch is currently available for these vulnerabilities.

This ICS-CERT alert provides early notice of the report and identifies baseline mitigations for reducing risks from these and other cybersecurity attacks. The report included vulnerability details and PoC exploit code for the following vulnerabilities:

Vulnerability Type:  Invalid Memory Access
Exploitable:  Can be exploited remotely
Impact:  Denial of Service / Possible Remote Code Execution

Vulnerability Type:  Integer Overflow
Exploitable:  Can be exploited remotely
Impact:  Denial of Service / Possible Remote Code Execution

Vulnerability Type:  Unhandled Exception
Exploitable:  Can be exploited remotely
Impact:  Denial of Service / Possible Remote Code Execution

Vulnerability Type:  Memory Corruptions
Exploitable:  Can be exploited remotely
Impact:  Denial of Service / Possible Remote Code Execution

Please report any issues affecting control systems in critical infrastructure environments to ICS-CERT.

Pro-face is a North American company that creates hardware and software products found in industrial, oil and gas, food and beverage, and water and wastewater industries. According to their Web site, Pro-Server EX is a data management server that collects information generated by a SCADA system and generates reports.

MITIGATION

ICS-CERT is attempting to coordinate with the vendor and security researcher to identify mitigations.

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-137-01.pdf
