ICSA-16-140-01A: Intuitive 650 TDB Controller Privilege Escalation and CSRF Vulnerabilities

Key Information Summary Vulnerability Title: Resource Data Management Intuitive 650 TDB Controller Vulnerabilities (Update A) Update Date: December 22, 2016 Alert Code: ICSA-16-140-01A Overview This updated alert is a follow-up to the original announcement ICSA-16-140-01 Resource Data Management Intuitive 650 TDB Controller Vulnerabilities. The vulnerabilities mentioned in the alert issued on May 19, 2016, have been confirmed by independent researcher Maxim Rupp to include privilege escalation and Cross-Site Request Forgery (CSRF) vulnerabilities in the Intuitive 650 TDB Controller. Resource Data Management has released a new version to mitigate these vulnerabilities. These vulnerabilities may be exploited remotely. Affected Products Affected versions of the Intuitive 650 TDB Controller: Intuitive 650 TDB Controller Version 2.1 and earlier Impact Privilege escalation allows attackers to gain elevated access to resources typically protected by the application or user, including the ability to modify logs and parameters. CSRF attacks may enable a web browser to perform unintended actions on a trusted site where the user is currently logged in. Vulnerability Characteristics Vulnerability Overview Privilege Escalation (CWE-269: Improper Privilege Management) - Severity: CVE-2016-4505NVD, CVSS v3 Base Score: 8.8 Cross-Site Request Forgery (CWE-352: CSRF) - Severity: CVE-2016-4506NVD, CVSS v3 Base Score: 8.0 Vulnerability Details Exploitability: These vulnerabilities may be exploited remotely. Known Exploits: No known public exploits specifically targeting these vulnerabilities. Difficulty**: Attackers with low skill level can exploit these vulnerabilities. Mitigation Resource Data Management has developed RDM TDB Control Editor 2 (v2.1.24), which fixes both vulnerabilities. Users can download version 2.1.24 from their website to update. Additionally, ICS-CERT recommends users implement defensive measures to minimize the risk of exploitation, including: Reducing network exposure of all control system devices and systems, ensuring they are not accessible from the internet. Placing control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use secure methods such as Virtual Private Networks (VPNs), while recognizing that VPNs may have vulnerabilities. Organizations should conduct appropriate impact analysis and risk assessment before deploying defensive measures.

Goal Reached Thanks to every supporter — we hit 100%!

ICSA-16-140-01A: Intuitive 650 TDB Controller Privilege Escalation and CSRF Vulnerabilities