Four different remotely exploitable vulnerabilities were recently discovered and patched in a popular SCADA server.
The vulnerabilities exist in some versions of IntegraXor, a SCADA server manufactured by Ecava Sdn Bhd, a Malaysian-based software company.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) disclosed the vulnerabilities, which were first brought to light back in August, in an advisory on Thursday.
Essentially the biggest problem is that if left unpatched, an attacker could read and modify files and database records on the SCADA database, something that in turn could give them full access.
ICS-CERT warns that attackers could create a large file on the server and cause a denial of service attack, overwrite potentially sensitive files and even create new, malicious files that could later be executed via a CSRF attack against users.
In addition to file read/write ability, attackers could also use the vulnerabilities to manipulate SQL queries and disclose information, like the full path names of files on the system.
Independent security researchers Andrea Micalizzi, via Zero Day Initiative, and Alain Homewood discovered and reported the vulnerabilities, all of which can be exploited remotely.
Homewood, a New Zealand-based researcher at PricewaterhouseCoopers’ Security and Technology division, tested the patch to verify that it addressed the vulnerabilities, according to ICS-CERT.
These specific servers are native web SCADA systems used across 38 different countries including the U.S., U.K., Australia and Canada according to the advisory. The software is primarily used in the industrial automation field, especially firms in charge of sewerage, railways, telecom, and heavy engineering.