A vulnerability exists in a particular brand of SCADA software that, if left unpatched, could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability.
The problem is an improper input validation vulnerability and exists in software by COPA-DATA, an Austrian industrial automation company.
Discovered by SCADA bug hunters Adam Crain of Automatak and Chris Sistrunk of Mandiant, the vulnerability specifically affects the Distributed Network Protocol (DNP3) driver in zenon, Windows-based industrial automation software used in SCADA systems.
According to the company, the software is used mostly in the energy and infrastructure industries, including water and waste-water treatment facilities in the U.S. and Australia but also in other countries across the globe.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which issued a warning about the vulnerability Tuesday, warns that both IP-connected and serial-connected devices could fall victim to the problem.
An attacker could leverage the vulnerability either by crafting a malicious IP packet or by gaining physical access to the affected device, perhaps via some keen social engineering.
Whichever vector an attacker winds up using, they could force the process control system to go into an “infinite loop, causing the process to crash.” From there someone would have to manually restart the system.
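The "improper input validation" at the heart of this advisory is a generic bug class, and the article gives no detail of the zenon driver's actual defect. The following Python, added here as an illustration and not taken from COPA-DATA's software or the researchers' findings, shows what defensive validation of a DNP3 link-layer frame looks like: every length field and CRC is checked against the real buffer before the data-block loop runs, so a malformed frame is rejected with an error instead of driving the parser past the end of the buffer or into a loop that never terminates. The framing rules used (0x05 0x64 start octets, a length octet counting control, destination, source and user data, 16-octet data blocks each followed by a CRC-16/DNP) are the public DNP3 ones; the function names and the sample frames are this example's own constructions.

```python
# Added example: defensive parsing of a DNP3 link-layer frame.
# Illustrative code for this article, not COPA-DATA's zenon driver and not a
# reproduction of the specific bug described above. Framing per public DNP3:
#   0x05 0x64 | LEN | CTRL | DEST(2, LE) | SRC(2, LE) | CRC(2, LE)
#   then user data in 16-octet blocks, each followed by CRC-16/DNP (LE).
# LEN counts CTRL+DEST+SRC (5) plus user data, so it ranges 5..255.

START = b"\x05\x64"
BLOCK = 16
HEADER_LEN = 10          # start(2) + len(1) + ctrl(1) + dest(2) + src(2) + crc(2)
MAX_USER_DATA = 250      # 255 - 5


def crc_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def build_frame(control: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Assemble a well-formed frame; used here only to construct sample input."""
    if len(user_data) > MAX_USER_DATA:
        raise ValueError("user data exceeds the 250-octet maximum")
    head = START + bytes([5 + len(user_data), control])
    head += dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    out = head + crc_dnp(head).to_bytes(2, "little")   # header CRC covers 8 octets
    for i in range(0, len(user_data), BLOCK):
        block = user_data[i:i + BLOCK]
        out += block + crc_dnp(block).to_bytes(2, "little")
    return out


def parse_frame(frame: bytes) -> dict:
    """Validate every length field and CRC before trusting any of them.

    Each check bounds the work done on untrusted input: the declared length is
    reconciled with the actual buffer size before the block loop starts, and
    the loop counter is derived from that reconciled value, so a hostile
    length octet cannot push reads past the buffer or make the loop spin.
    """
    if len(frame) < HEADER_LEN:
        raise ValueError("frame shorter than the 10-octet link header")
    if frame[:2] != START:
        raise ValueError("missing 0x0564 start octets")
    length = frame[2]
    if length < 5:
        raise ValueError("length field below the minimum of 5")
    if int.from_bytes(frame[8:10], "little") != crc_dnp(frame[:8]):
        raise ValueError("header CRC mismatch")
    user_len = length - 5
    n_blocks = (user_len + BLOCK - 1) // BLOCK          # one CRC per block
    expected_total = HEADER_LEN + user_len + 2 * n_blocks
    if len(frame) != expected_total:
        raise ValueError(
            f"frame is {len(frame)} octets but length field implies {expected_total}"
        )
    user_data = bytearray()
    pos = HEADER_LEN
    remaining = user_len                                 # at most 250
    while remaining > 0:
        n = min(BLOCK, remaining)
        block = frame[pos:pos + n]
        crc = int.from_bytes(frame[pos + n:pos + n + 2], "little")
        if crc != crc_dnp(block):
            raise ValueError(f"data block CRC mismatch at offset {pos}")
        user_data += block
        pos += n + 2
        remaining -= n
    return {
        "control": frame[3],
        "dest": int.from_bytes(frame[4:6], "little"),
        "src": int.from_bytes(frame[6:8], "little"),
        "user_data": bytes(user_data),
    }


def is_valid_frame(frame: bytes) -> bool:
    """Convenience wrapper: True for a frame that passes every check."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = build_frame(0xC4, 1, 1024, bytes(range(20)))
    print(parse_frame(good))
    oversized = bytes([good[0], good[1], 0xFF]) + good[3:]   # length claims 250 octets
    print("oversized length rejected:", not is_valid_frame(oversized))
```

The ordering of checks is the point: the length octet is untrusted until it has been reconciled against the bytes actually received, and only then is it used to size the loop. A driver that sizes its loop from the length octet alone, or that retries on a bad block rather than discarding the frame, is exactly the kind of code a crafted packet can send into the "infinite loop" the advisory describes.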
The company recently pushed a new build (11206) for zenon that addresses the vulnerabilities and is encouraging anyone running systems with it to update or upgrade accordingly.
Crain and Sistrunk have discovered a boatload of ICS vulnerabilities over the years, including 25 last October. Many of those vulnerabilities took aim at DNP3, a communications protocol primarily used by electric and water companies and SCADA systems.
Since DNP3 is not covered by North American Electric Reliability Corporation (NERC) regulations, vulnerabilities such as those dug up by Crain and Sistrunk — even though they’re sometimes quickly patched — illustrate how easy it could be for an attacker to wipe out equipment that relies on the protocol.