RIoT Solutions has identified a vulnerability in software commonly deployed in industrial sectors such as Chemical, Communications, Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, and Water and Wastewater Systems.
Successful exploitation of these vulnerabilities could allow execution of arbitrary code.
Security consultant Mark Cross identified these vulnerabilities in Trihedral Engineering Limited’s VTScada HMI and SCADA software.
On 5 August 2017 he discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. The software loads a DLL from a directory in its search path that is probed before the directory holding the legitimate DLL, so a crafted DLL of the same name placed in that directory is loaded instead, allowing an attacker to hijack the DLL and execute arbitrary code on the targeted system.
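As an added example (not code from Trihedral, RIoT Solutions or ICS-CERT), the following Python models the Windows DLL search order for a bare-name library load to show why a user-writable directory probed before the legitimate DLL's location is the root of a CWE-427 issue, and flags such directories for remediation. The application path C:\ExampleHMI, the PATH entries and the writability flags are constructed assumptions; the model is simplified and omits the 16-bit System directory and per-application redirection.

```python
from typing import Iterable, List, Optional

# Simplified Windows default search order for a DLL loaded by bare name.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


def search_order(app_dir: str, cwd: str, path_entries: Iterable[str],
                 safe_search_mode: bool = True) -> List[str]:
    """Directories probed, in order, when LoadLibrary is given only a file name.

    With SafeDllSearchMode enabled (the Windows default) the current working
    directory is probed after the Windows directories; with it disabled the
    CWD is probed second, directly after the application directory.
    """
    if safe_search_mode:
        order = [app_dir, *SYSTEM_DIRS, cwd, *path_entries]
    else:
        order = [app_dir, cwd, *SYSTEM_DIRS, *path_entries]
    seen, deduped = set(), []          # each directory is probed only once
    for d in order:
        if d.lower() not in seen:
            seen.add(d.lower())
            deduped.append(d)
    return deduped


def hijack_points(order: List[str], legit_dir: Optional[str],
                  writable_dirs: Iterable[str]) -> List[str]:
    """Writable directories probed before the legitimate DLL's directory.

    Any directory returned here must be locked down (or the application must
    load the DLL by full path), because a same-named DLL placed in it wins
    the search. If legit_dir is None the DLL does not exist at all, so every
    writable directory in the search order qualifies.
    """
    writable = {d.lower() for d in writable_dirs}
    probed_first = order
    if legit_dir is not None:
        lowered = [d.lower() for d in order]
        if legit_dir.lower() in lowered:
            probed_first = order[:lowered.index(legit_dir.lower())]
    return [d for d in probed_first if d.lower() in writable]


if __name__ == "__main__":
    # Constructed scenario: the legitimate DLL lives in System32, but the
    # application directory (assumed path) is writable by a standard user.
    order = search_order(r"C:\ExampleHMI", r"C:\Users\operator", [r"C:\Tools"])
    print(hijack_points(order, r"C:\Windows\System32",
                        writable_dirs=[r"C:\ExampleHMI", r"C:\Tools"]))
```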
The VTScada HMI and SCADA software “provides you with a refreshingly intuitive platform for creating highly-customized industrial monitoring and control applications that end users can trust and use with ease. A wide variety of industries around the world use VTScada for mission-critical applications of every size”. According to Trihedral Engineering Limited, the VTScada HMI and SCADA software is used by thousands of installations worldwide, powering the industrial world.
The Department of Homeland Security’s ICS-CERT has published advisory ICSMA-17-304-02 for this issue.
Mark has also provided more detail on his blog at https://www.mogozobo.com/?p=3409