Your one-stop web resource providing safety and security information to manufacturers

Horner Automation has an improper input validation vulnerability in its Cscape, according to a report with NCCIC.

Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read confidential information, and may allow an attacker to remotely execute arbitrary code.

RELATED STORIES
ABB Mitigation Plan for M2M ETHERNET
ABB Mitigation Plan for CMS-770
Siemens Fixes TIM 1531 IRC Module Hole
3S-Smart Software Fixes CODESYS V3 Line

Control system application programming software, Cscape Version 9.80.75.3 SP3 and prior suffer from the vulnerability.

As of right now, there are no mitigations in place to handle to vulnerability, which an attacker with low skill level could leverage.

Cyber Security

However, NCCIC does recommend users take defensive measures to minimize the risk of exploitation of this vulnerability. Users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Pin It on Pinterest

Share This