Malaysian Computer Emergency Response Team

Services

Advisories Cyber999 Help Centre Malware Research Centre Incident Statistics

MyCERT Statistic

Reported Incidents based on General Incident Classification Statistics 2013

Help Centre

Reporting Channels

Definitions of Incidents

Cyber999 - Service Level Agreement

MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2011

MA-275.032011 : MyCERT Alert – Exploits Released Targeting Multiple SCADA Systems Software

Date of publication: 2011-03-24

1.0 Introduction

MyCERT has observed several independent researchers have published multiple vulnerabilities with exploit code for a number of Supervisory Control and Data Acquisition (SCADA) products and all of them are remotely exploitable.

2.0 Impact

Successful exploitation could allow the attacker to execute arbitrary code and might lead to unauthorized disclosure of information, unauthorized modification and also disruption of service (DoS). The real impact depends on the criticality and nature of the systems deployed.

3.0 Affected Products

The vulnerabilities discussed in recent disclosure affect the following products:

Siemens Tecnomatix FactoryLink version 8.0.1.147 and below
Iconics Genesis32 version 9.21 and below
Iconics Genesis64 version 10.51 and below
7-Technologies IGSS version 9.00.00.11063 and below
RealFlex Technologies DATAC RealWin version 2.1 (Build 6.1.10.10) and below
Advantech/BroadWin WebAccess
Ecava IntegraXor

4.0 Recommendations

Users of Ecava IntegraXor can obtain the patch, Ecava IntegraXor (Build 4050), which addresses this vulnerability at the following link:

http://www.integraxor.com/download/rc.msi

For more information, please contact Ecava support at support@integraxor.com

As of the writing of this advisory, only Ecava has released the security patch for the vulnerability. However, users of other products are recommended to:

Minimize network exposure for all control system devices
Locate the control system devices into the network that is not directly face the Internet
Locate the control system networks and devices behind firewalls and isolate them from the business network
If remote access is required, employ secure methods such as Virtual Private Networks (VPNs)
Closely monitor the network activity for any abnormal behavior. A few IDS vendor with the collaboration from the independent/group researcher have come out with the signature that can detect most of these exploits
Follow the Control System Security Program (CSSP) Recommended Practices, by US CERT. The document is available at the following URL:

http://www.uscert.gov/control_systems/practices/Recommended_Practices.html

MyCERT would also advise users to have their operating system and antivirus software up-to-date to prevent the attack vector that might come from malware.

Lastly, MyCERT would like to advise the users of these vulnerable applications to be vigilant of the latest security announcements by the respective vendors and ensure that the software are up-to-date.

MyCERT can be reached through the following channels for further assistance:
E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References