7-Technologies IGSS Remote Memory Corruption

Overview

ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies (7T) by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability.

7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability.

Affected Products

This vulnerability affects all 7T Interactive Graphical SCADA System (IGSS) versions prior to 9.0.0.11143.

Impact

Successful exploitation of the reported vulnerabilities can allow an attacker to perform a number of malicious actions including denial of service (DoS) and arbitrary code execution. These actions can result in adverse application conditions and ultimately impact the process environment in which the SCADA system is deployed.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.

Background

7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.

7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including energy, manufacturing, oil and gas, and water.

Vulnerability Characterization

Vulnerability Overview

The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used. This can lead to an exploitable condition.

Vulnerability Details

Exploitability

This vulnerability can be remotely exploited by sending specially crafted code to the vulnerable ODBC service. If exploited, this vulnerability could allow the attacker to execute a malicious payload.

Existence of Exploit

No known public exploits specifically target this vulnerability.

Difficulty

These vulnerabilities require advanced skills to exploit.

Mitigation

ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:

• Upgrade to the latest version of IGSS. The latest version is available at: http://www.igss.com/download/licensed-versions.aspx (current users of 7T IGSS can use the “update” feature from within the application).
• 7T recommends placing the control system behind a properly configured firewall.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.