January 28, 2018 Karn Ganeshen

[ICS] Trihedral VTScada (more) Multiple Vulnerabilities

Vendor: Trihedral
Equipment: VTScada
Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element

ICS-CERT Advisory:
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02

CVE-ID:
CVE-2017-14029
CVE-2017-14031

AFFECTED PRODUCTS

Trihedral Engineering Limited reports that the vulnerability affects the following versions of the VTScada HMI and SCADA software:

  • VTScada 11.3.03 and prior.

BACKGROUND
Critical Infrastructure Sectors: Chemical, Communications, Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: North America, Europe
Company Headquarters Location: Canada


VULNERABILITY OVERVIEW

IMPROPER ACCESS CONTROL
A local, non-administrator user has privileges to read and write to the file system of the target machine.

The application is vulnerable to local privilege escalation. EVERYONE has FULL permissions over all the install files (*.exe, *.dll). Any local, authenticated, non-admin user can therefore replace or modify the original application files with malicious ones, and gain higher-privileged access once an administrative user runs the application. Other vectors are possible as well.

CVE-2017-14031 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
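
A defender's check for the permission problem described above, as an added example that is not part of the advisory or the vendor's tooling: it lists folders and .exe/.dll files under an install directory whose ACL grants write-type rights to Everyone, Authenticated Users or BUILTIN\Users. The install path is a placeholder, and the choice of groups and rights to flag is this example's assumption.

```powershell
# Added example: report install files and folders that broad groups can modify.
# Assumption: placeholder path; set it to the real VTScada install directory.
$InstallDir = 'C:\PLACEHOLDER\VTScada'

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that allow replacing or adding a file or rewriting its ACL, plus the
# raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000
$SidType = [System.Security.Principal.SecurityIdentifier]

# The install folder itself, every subfolder, and every .exe/.dll beneath it.
$items = @(Get-Item -LiteralPath $InstallDir -ErrorAction Stop) +
    @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
        Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll' })

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for rules keyed by SID so the match does not depend on localized names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        $isAllow     = $ace.AccessControlType -eq 'Allow'
        # InheritOnly (2) entries apply to children only, not to this object.
        $inheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0
        $canWrite    = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
        if ($isAllow -and -not $inheritOnly -and $canWrite -and
            $BroadSids -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Deny entries are not evaluated here, so treat each row as a candidate to review.
if ($findings) { $findings | Sort-Object Path | Format-Table -AutoSize -Wrap }
else { Write-Output "No broad write access found under $InstallDir" }
```

Rows with `Inherited` set to `True` point to a permissive ACL on a parent folder, which is where the fix belongs.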

UNCONTROLLED SEARCH PATH ELEMENT
The program will execute specially crafted malicious DLL files placed on the target machine.

CVE-2017-14029 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

IMPACT
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

+++++

~Cheers
