
Industrial software flaw could allow manipulation of energy processes

Researchers have discovered a potentially dangerous vulnerability impacting industrial automation software, which could allow an attacker to remotely manipulate communications used for critical energy processes.

On Wednesday, Seattle-based security firm IOActive released the details of the security issue affecting ProSoft Technology's RadioLinx ControlScape application software.

The software, primarily used with Schneider Electric and Rockwell Automation solutions, is implemented across an array of energy companies, including oil and gas, water and electric utilities, the firm revealed.

ProSoft Technology is a Bakersfield, Calif.-based business with an exclusive focus on industrial communication software, according to its website.

IOActive researchers Lucas Apa and Carlos Penagos discovered the vulnerability, which is essentially a weak encryption algorithm that authenticates users by generating random passphrases.

The algorithm leaves the software vulnerable to brute-force password attacks that could allow an attacker to remotely manipulate data sent from the ProSoft devices to industrial processes.

IOActive noted that, in one catastrophic scenario, the vulnerability could be exploited to dangerously overheat liquids or over-pressurize chemicals at a nuclear power plant.

Through their previous research, Apa and Penagos have shed light on other dangerous ICS vulnerabilities. At the Black Hat hacking conference in August, the duo demonstrated major ICS flaws that could allow an unauthorized group or user to compromise an industrial facility within a 40-mile range.

Last month, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) posted an advisory on its website warning users about the ProSoft vulnerability, which impacts versions of RadioLinx ControlScape released prior to FH v6.00.040. The flaw, CVE-2013-2803, which received a severity rating of 9.3 out of 10 on the Common Vulnerability Scoring System version 2 (CVSSv2), has an available firmware patch.

In a Wednesday interview with SCMagazine.com, Apa said that the patch wasn't particularly easy to employ.

“All the [impacted] devices should be connected to a PC to do a manual update,” Apa advised. “It's kind of hard to do, because you need to unplug it and connect it to the computer – it's not an over-the-air [update]. Before applying the patch, the operator has to power off the device.”
