Monday, 30 May 2016 22:41

A SCADA system that cannot be patched

ICS-CERT has advised of a vulnerable SCADA system currently in use that cannot be patched.

On February 18, 2015, security researcher Maxim Rupp advised Environmental Systems Corporation (ESC) that its 8832 Data Controller was subject to two vulnerabilities.

According to the advisory, there exist privilege management and authentication bypass issues. All models with version 3.02 and earlier are affected.

The first vulnerability would permit an attacker to gain admin access simply by forcing a parameter in the administration URL; the second gives the attacker the ability to modify the device's configuration.

The advisory states, "ESC has stated the ESC 8832 Data Controller has no available code space to make any additional security patches; so, a firmware update is not possible. ESC has released an advisory that identifies compensating controls to reduce risk of exploitation of the reported vulnerabilities."

Further, "ESC's recommendation for mitigation is to upgrade the device. Alternatively, block Port 80 with a firewall in front of the device. Another alternative is to educate operators and users to not use the web interface for device management, because there are other means to manage the device."

In other words, the vulnerability is easy to fix, but the patches cannot be applied as there isn't any free code-space to store them.

Just to compound the situation, exploit code is already available online.

The manufacturer of this device ceased making it in 2013 and support is due to expire on 1 January 2019, so users should already be seriously considering an upgrade to the newer ESC 8864 version.
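Because the controller itself cannot be fixed, the "block Port 80 with a firewall in front of the device" control is only as good as the rule order on that firewall. The following added example (not from ESC, ICS-CERT or this article) assumes the firewall is a Linux host whose rules were exported with `iptables-save`, and checks whether web traffic to a controller address is actually dropped. The function names and all addresses are hypothetical, and only `-s`, `-d`, `-p` and `--dport` matches are modelled, with everything else reported for manual review.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; all addresses are placeholders.
SAMPLE_RULES = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.0.9.0/24 -d 10.0.5.20/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 10.0.5.20/32 -p tcp -m tcp --dport 80 -j DROP
-A FORWARD -i eth1 -d 10.0.5.22/32 -p tcp -m tcp --dport 80 -j ACCEPT
"""
BLOCK = ("DROP", "REJECT")

def rule_matches(tokens, src, dst, port):
    """True/False when certain, None if the rule uses matches not modelled here."""
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)
    checks = {
        "-s": lambda v: in_net(src, v),
        "-d": lambda v: in_net(dst, v),
        "-p": lambda v: v in ("tcp", "all"),
        "--dport": lambda v: int(v.split(":")[0]) <= port <= int(v.split(":")[-1]),
    }
    unknown, it = False, iter(tokens)
    for tok in it:
        if tok == "-j":                    # target and its options follow
            break
        if tok in checks:
            if not checks[tok](next(it)):
                return False
        elif tok != "-m" or next(it) != "tcp":
            unknown = True                 # e.g. -i, -o, --sport, conntrack state
    return None if unknown else True

def http_verdict(ruleset, src, dst, chain="FORWARD", port=80):
    """First-match walk of one chain: 'blocked', 'exposed' or 'review'."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if line.startswith(f":{chain} "):
            policy = tokens[1]
        if tokens[:2] != ["-A", chain] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        # Negated matches ("!") are not modelled, so such rules count as uncertain.
        hit = None if "!" in tokens else rule_matches(tokens[2:], src, dst, port)
        if hit is False or target == "LOG" or (hit is None and target in BLOCK):
            continue                       # an uncertain block cannot be relied on
        if hit is None or target not in BLOCK + ("ACCEPT",):
            return "review"                # uncertain accept, or jump to another chain
        return "exposed" if target == "ACCEPT" else "blocked"
    return "exposed" if policy == "ACCEPT" else "blocked"
```

A controller address with no matching rule falls through to the chain policy, so a default-ACCEPT `FORWARD` chain leaves any device that was missed from the rule list reachable on port 80.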
