Power Plant Controllers Deemed Vulnerable Beyond Repair

Liviu ARSENE

May 31, 2016


Power plant controllers have been deemed vulnerable to remote exploits, allowing potential attackers to gain control of the networks and modify system configurations.

The flaw, publicly reported and documented by independent researcher Maxim Rupp, affects the Environmental Systems Corporation 8832 data controller, versions 3.02 and older. Because the affected systems do not support additional code space for patching or firmware upgrades, fixing the vulnerabilities is not possible.

“Successful exploitation of these vulnerabilities may allow attackers to perform administrative operations over the network without authentication,” said the US Computer Emergency Response Team. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.”

The vulnerability is also believed to be easily exploitable even by attackers with low skill levels, and mitigating the risk involves completely removing the affected devices from the infrastructure or restricting them from being accessed from outside the local network.

“Due to the predictable session generation and due to the lack of cookie based authentication in the web interface, it was confirmed that an attacker from a different source IP address can issue valid requests, impersonating the authenticated user,” reads the published exploit code. “The attack complexity is very low, no special software is required.”
