The security hole has been addressed, but the patch is not easy to apply

Mar 12, 2013 11:59 GMT

At the beginning of 2013, Rapid7 researcher Juan Vazquez identified a serious vulnerability in Honeywell Enterprise Buildings Integrator (EBI) R310 – R410.2, an industrial control platform used for security, access control, lighting, air conditioning, heating, ventilation and more.

After identifying the flaw, Rapid7 notified both Honeywell and ICS-CERT.

“Exploitation of this vulnerability could allow partial loss of availability, integrity, and confidentiality. This vulnerability could affect systems deployed in the government facilities and commercial facilities sectors. This vulnerability could be exploited remotely,” ICS-CERT wrote in an advisory.

If exploited successfully, the vulnerability could be leveraged by an attacker to execute arbitrary code on affected EBI clients or EBI systems.

For the attack to work, the attacker must convince the victim to access a specially crafted HTML document.

“An attacker with a medium skill would be able to exploit this vulnerability. Social engineering is required to convince the user to visit the malicious site. This decreases the likelihood of a successful exploit,” ICS-CERT noted.

Experts haven’t found any evidence to suggest that the vulnerability is being exploited in the wild. However, Rapid7 has integrated a module for the flaw in Metasploit.

Fortunately, Honeywell has responded quickly to the reports and has released a patch for the security hole. On the other hand, the patch, which disables HscRemoteDeploy.dll, is not easy to apply, so customers are advised to contact their local service representatives.

In addition to the patch, Honeywell has asked Microsoft to issue a kill bit for this particular DLL file in an upcoming update, which would automatically disable the DLL on affected systems.

Rapid7 has published additional technical details of the vulnerability. The security firm has also released a video which shows how the vulnerability can be exploited.
