ICS-CERT warns of high severity of the vulnerability

Jan 12, 2015 12:53 GMT
InTouch Access Anywhere allows remote connection to HMI screens and dashboards

Schneider Electric released an update for Wonderware InTouch Access Anywhere Server to solve a stack-based buffer overflow problem an attacker could exploit remotely.

The product offers access to the HMI (human machine interface) for SCADA systems, which are a subset of industrial control systems (ICS), through an HTML5-compliant web browser, allowing engineers to monitor and control plant floor operations in real time.

The glitch is rated 10 as per CVSS v2

The vulnerability affects versions 10.6 and 11 of the product, and it could permit execution of arbitrary code. The flaw is identified as CVE-2014-9190; leveraging it does not require authentication, and an exploit could be carried out even by a low-skilled attacker.

According to an advisory from ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), at the moment there is no evidence of a public exploit created for this vulnerability.

The overall base score, as per the latest version of the Common Vulnerability Scoring System (CVSS v2), has been set to the maximum of 10. This means that administrators should proceed to apply the update supplied by the manufacturer with the utmost urgency.

A score this high reflects complete impact on the confidentiality, integrity and availability of the information.
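How the maximum score arises can be checked with the CVSS v2 base equations. The Python below is an added example, not part of the advisory or the original article; the vector string is an assumption inferred from the description above (remote, no authentication, low skill needed, complete impact on all three properties).

```python
from itertools import product

# Metric weights from the CVSS v2 specification.
_CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # access vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # access complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # authentication
    "C": _CIA, "I": _CIA, "A": _CIA,            # impact metrics
}
ORDER = ("AV", "AC", "Au", "C", "I", "A")

def parse_vector(vector):
    """Turn 'AV:N/AC:L/...' into {metric: weight}; reject malformed input."""
    parts = dict(item.split(":", 1) for item in vector.split("/"))
    if tuple(parts) != ORDER:
        raise ValueError("expected metrics in order " + "/".join(ORDER))
    try:
        return {m: WEIGHTS[m][v] for m, v in parts.items()}
    except KeyError as exc:
        raise ValueError("unknown metric value %s" % exc) from None

def base_score(vector):
    """CVSS v2 base score, rounded to one decimal as the spec requires."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
    if impact == 0:
        return 0.0
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)

def vectors_scoring(target):
    """Enumerate all 729 base vectors and return those with the given score."""
    hits = []
    for values in product(*(WEIGHTS[m] for m in ORDER)):
        vec = "/".join("%s:%s" % pair for pair in zip(ORDER, values))
        if base_score(vec) == target:
            hits.append(vec)
    return hits

if __name__ == "__main__":
    assumed = "AV:N/AC:L/Au:N/C:C/I:C/A:C"   # assumption, see lead-in
    print(assumed, base_score(assumed))
    # Same flaw if a login were required first (Au:S): the score drops.
    print("AV:N/AC:L/Au:S/C:C/I:C/A:C", base_score("AV:N/AC:L/Au:S/C:C/I:C/A:C"))
    print("vectors that reach 10.0:", vectors_scoring(10.0))
```

The enumeration shows that only one combination of base metrics reaches 10.0, so a CVSS v2 score of 10 by itself already says the flaw is network-reachable, low-complexity and unauthenticated, with complete impact.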

ICS-CERT says that the stack-based buffer overflow condition could be triggered by requesting a nonexistent file.

Some mitigation measures exist, apart from the patch

The security update provided by the company should be available to all registered users. If the patch cannot be applied right away, ICS-CERT suggests minimizing the network exposure of the affected system and separating it from systems that have access to the Internet.

Isolating all machines that are behind a firewall from the business network is another precaution that should be considered by manufacturers.

On the same note, resorting to VPN (Virtual Private Network) connections when accessing the system remotely is on the list of good practices to ensure the safety of the ICS from outside attackers. It should be noted that the latest versions of VPN software should be used and that a VPN is only as safe as the connected devices.