There is an improper input validation vulnerability in all versions of the Nari PCS-9611 relay, a control and monitoring unit, according to a report from ICS-CERT.
Successful exploitation of this remotely exploitable vulnerability, discovered by Kirill Nesterov and Alexey Osipov from Kaspersky Labs, could allow a remote attacker arbitrary read/write abilities on the system. Public exploits are available.
An attacker with low skill level could leverage the vulnerability.
An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.
CVE-2018-5447 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product sees use mainly in the energy sector and throughout Asia.
ICS-CERT reached out to China-based Nari and CNCERT but has not received a response.
ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.