Vulnerable utility control systems warning

USA DHS and ICS-Cert (Industrial Control Systems) have issued another advisory for vulnerable control systems that could be taken over by rogue attackers. These systems have web access points, web servers at port 80, that an attacker can send a carefully crafted request to and gain access and gain control of the system being controlled.

This warning applies to a popular industrial control system, Tridium Niagara AX, which has some default settings that allow the attack to happen and the attackers to get the credential storage and then take control of the system. These problems include not having proper security applied to some directories, poor encryption, session cookie vulnerabilities, and predictable session ids all allowing remote attack.

There are exploits available in the wild, so if you have or know someone who has these systems they should head to tridium.com check that their system needs patching and patch, properly configure their systems, and until then shut down the web interface.

Advertisements

About echlinm

Computer Programmer/Systems Analyst/Hacker S31
This entry was posted in Computers and Internet, Security and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s