
Power Plant Controllers Deemed Vulnerable Beyond Repair

Power plant controllers have been deemed vulnerable to remote exploits, allowing potential attackers to gain control of the networks and modify system configurations.

The flaw, publicly reported and documented by independent researcher Maxim Rupp, affects the Environmental Systems Corporation 8832 data controller for versions 3.02 and older. Because the affected systems do not support additional code space for patching or firmware upgrade, fixing the reported vulnerabilities is not possible.

“Successful exploitation of these vulnerabilities may allow attackers to perform administrative operations over the network without authentication,” said the US Computer Emergency Response Team. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.”

The vulnerability is also believed to be easily exploitable even by attackers with low skill levels, and mitigating the risk involves completely removing the affected devices from the infrastructure or restricting them from being accessed from outside the local network.

“Due to the predictable session generation and due to the lack of cookie based authentication in the web interface, it was confirmed that an attacker from a different source IP address can issue valid requests, impersonating the authenticated user,” reads the published exploit code. “The attack complexity is very low, no special software is required.”
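Since the device cannot be patched, monitoring has to cover both points above: requests arriving from outside the local network, and one session being used from more than one source IP. The following is an added example, not code from the advisory or the vendor; it assumes the controller's web interface sits behind a logging reverse proxy, and the log layout, the `sid` parameter name and the `10.20.0.0/24` management network are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: proxy access log with the session identifier carried as a
# "sid" query parameter. Log layout and parameter name are hypothetical.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+)'
)
SID_RE = re.compile(r'[?&]sid=(?P<sid>[^&\s]+)')

# Constructed sample input (private/documentation addresses, made-up tokens).
SAMPLE_LOG = """\
10.20.0.15 [2024-01-01T08:00:01Z] "GET /status?sid=1001 HTTP/1.1" 200
10.20.0.15 [2024-01-01T08:00:09Z] "POST /config?sid=1001 HTTP/1.1" 200
10.20.0.77 [2024-01-01T08:01:30Z] "POST /config?sid=1001 HTTP/1.1" 200
203.0.113.9 [2024-01-01T08:02:10Z] "GET /status?sid=1002 HTTP/1.1" 200
10.20.0.15 [2024-01-01T08:03:00Z] "GET /index HTTP/1.1" 200
not a log line
"""

def review_log(text, allowed_net="10.20.0.0/24"):
    """Return (outside_hits, shared_sessions): requests from outside
    allowed_net, and session ids seen from more than one source IP."""
    net = ipaddress.ip_network(allowed_net)
    outside, seen = [], defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the review
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is not an IP address
        if ip not in net:
            outside.append((m["ts"], str(ip), m["url"]))
        s = SID_RE.search(m["url"])
        if s and str(ip) not in seen[s["sid"]]:
            seen[s["sid"]].append(str(ip))  # keep IPs in first-seen order
    shared = {sid: ips for sid, ips in seen.items() if len(ips) > 1}
    return outside, shared

if __name__ == "__main__":
    outside, shared = review_log(SAMPLE_LOG)
    print("outside management network:", outside)
    print("session used from several IPs:", shared)
```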

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.