In late July 2017, Security Consultant Mark Cross from RIoT Solutions discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software's DLL search path, where it is loaded ahead of the valid DLL, allowing an attacker to hijack the DLL and execute arbitrary code on the targeted system.
The information below outlines the coordinated disclosure details for five of the seven software applications in which Mark found vulnerabilities. The other two, and potentially more, will be disclosed in due course.
The following AutomationDirect products are affected:
- CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior
- C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior
- C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior
- GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior
- SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 220.127.116.11 and prior
Coordinated disclosure regarding the identified vulnerability was undertaken with AutomationDirect and the US Department of Homeland Security’s ICS-CERT. ICS-CERT have published the findings under Advisory ICSA-17-313-01, and allocated CVE-ID CVE-2017-14020.
Mark has also provided more detail in his blog located at https://www.mogozobo.com/?p=3432
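The search-path condition described in the first paragraph can be checked for on an engineering workstation. The following is an added example, not code from RIoT Solutions or AutomationDirect: it takes a loader search order supplied by the auditor and reports every DLL whose valid copy is preceded by, or stored in, a directory a low-privileged user can write to. The DLL names, directory layout and writability result in `demo()` are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def audit_search_order(search_dirs, dll_names, is_writable=None):
    """Flag DLLs that a low-privileged user could shadow or replace.

    search_dirs: directories in the order the loader consults them
                 (assumption: supplied by the auditor for the application).
    dll_names:   DLLs the application loads by bare file name.
    is_writable: callable(dir) -> bool; defaults to the current user's access.
    """
    if is_writable is None:
        is_writable = lambda d: os.access(d, os.W_OK)
    findings = []
    for name in dll_names:
        def holds(d):
            # Windows file names are case-insensitive, so compare lowercased.
            p = Path(d)
            return p.is_dir() and any(f.name.lower() == name.lower() for f in p.iterdir())
        resolved = next((d for d in search_dirs if holds(d)), None)
        # Directories consulted before the valid copy are where a planted DLL wins.
        # If no copy exists anywhere, every directory in the list is consulted.
        end = len(search_dirs) if resolved is None else search_dirs.index(resolved)
        risky = [d for d in search_dirs[:end] if is_writable(d)]
        # A writable directory holding the valid DLL allows outright replacement.
        if resolved is not None and is_writable(resolved):
            risky.append(resolved)
        if risky:
            findings.append({"dll": name, "resolved_from": resolved, "writable_dirs": risky})
    return findings

def demo():
    """Constructed layout: install dir is user-writable, system dir is not."""
    root = Path(tempfile.mkdtemp())
    app, sysdir, cwd = root / "app", root / "system32", root / "projects"
    for d in (app, sysdir, cwd):
        d.mkdir()
    (sysdir / "examplecomm.dll").touch()    # valid copy lives later in the order
    (app / "examplehelper.dll").touch()     # valid copy lives in the install dir
    order = [str(app), str(sysdir), str(cwd)]
    writable = {str(app)}                   # constructed ACL result, not a real check
    names = ["EXAMPLECOMM.dll", "examplehelper.dll", "notinstalled.dll"]
    return audit_search_order(order, names, writable.__contains__)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, pass the directories in the order the application's loader uses them and run the check as the least-privileged account that can log on to the workstation.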