ICS Advisory

Newport XPS-Cx, XPS-Qx

Last Revised
Alert Code
ICSA-17-178-01

CVSS v3 7.5

ATTENTION: Remotely exploitable/low skill level to exploit.

Vendor: Newport

Equipment: XPS-Cx, XPS-Qx

Vulnerability: Improper Authentication

AFFECTED PRODUCTS

The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected:

  • XPS-Cx all versions, and
  • XPS-Qx all versions.

IMPACT

Successful exploitation of this vulnerability may allow an attacker to view and edit settings without authenticating by accessing a specific uniform resource locator (URL).

MITIGATION

Newport reports that this issue will be addressed in the next generation XPS-Dx controller.

NCCIC/ICS-CERT and Newport recommend that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Not connect control components and control networks to an open network such as the Internet or an office network. Newport recommends putting control components and control networks behind a firewall.
  • Limit physical and electronic access to all automation components to authorized personnel only.
  • Change the default passwords before first use. This will reduce the risk of unauthorized access to systems.
  • Regularly change passwords. This will reduce the risk of unauthorized access to systems.
  • If remote access to control components and control networks is required, use a Virtual Private Network (VPN).
  • Regularly perform threat analyses. Check whether the measures taken meet company security requirements.
  • Use “defense-in-depth” mechanisms in the system’s security configuration to restrict the access to and control of individual products and networks.
  • Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from the business network.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.

VULNERABILITY OVERVIEW

An attacker may bypass authentication by accessing a specific uniform resource locator (URL).

CVE-2017-7919 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

RESEARCHER

Maxim Rupp identified the vulnerability.

BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: United States

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

Newport