Intellicom NetBiter WebSCADA Vulnerabilities
Low Risk · ICS-CERT ICSA-10-316-01A · Aug 15, 2010
Summary
Intellicom NetBiter WebSCADA and related products (WebSCADA WS100/WS200, Easy Connect EC150, Modbus RTU–TCP Gateway MB100, Serial Ethernet Server SS100) contain multiple critical vulnerabilities. These include arbitrary code execution (CWE-94), path traversal (CWE-22), insecure input validation (CWE-25), and other weaknesses (CWE-1392). All affected versions remain vulnerable with no patch available from the vendor. Successful exploitation allows remote attackers to gain administrative control, access sensitive data, and disrupt SCADA operations without requiring authentication.
What this means
What could happen
An attacker with access to these Intellicom devices could gain administrative control or execute arbitrary code, potentially disrupting SCADA monitoring and control of critical energy infrastructure.
Who's at risk
Energy utilities using Intellicom SCADA monitoring and gateway equipment should care about this advisory. Specifically: operators relying on WebSCADA (WS100, WS200) for supervisory control and data acquisition, facilities using Easy Connect (EC150) for remote device connectivity, and sites deploying Modbus RTU–TCP gateways (MB100) or Serial Ethernet Servers (SS100) for RTU communication.
How it could be exploited
An attacker who reaches these devices over the network can exploit multiple vulnerabilities including arbitrary code execution (CWE-94), path traversal (CWE-22), and insecure input handling (CWE-25) to gain unauthorized administrative access or run malicious commands on the device.
Prerequisites
- Network access to the WebSCADA, Easy Connect, Modbus gateway, or Serial Ethernet Server devices
- No authentication required for exploitation of these vulnerabilities
remotely exploitable · no authentication required · no patch available · arbitrary code execution possible · affects SCADA monitoring and control
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (5)
5 EOL
Product | Affected Versions | Fix Status
WebSCADA (WS100): vers:all/* | All versions | No fix (EOL)
Easy Connect (EC150): vers:all/* | All versions | No fix (EOL)
Modbus RTU – TCP Gateway (MB100): vers:all/* | All versions | No fix (EOL)
Serial Ethernet Server (SS100): vers:all/* | All versions | No fix (EOL)
WebSCADA (WS200): vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to isolate these devices on a dedicated SCADA network; restrict inbound access to authorized engineering workstations and control systems only
- HARDENING: Deploy firewall rules to allow only necessary Modbus (port 502) and serial/Ethernet gateway traffic; block all other inbound connections
Long-term hardening
- WORKAROUND: Evaluate replacement or end-of-life plans for WebSCADA and related products; consult with vendor or consider migration to supported alternatives
Mitigations - no patch available
The following products have reached End of Life with no planned fix: WebSCADA (WS100): vers:all/*, Easy Connect (EC150): vers:all/*, Modbus RTU – TCP Gateway (MB100): vers:all/*, Serial Ethernet Server (SS100): vers:all/*, WebSCADA (WS200): vers:all/*. Apply the following compensating controls:
- HARDENING: Monitor network traffic to these devices for suspicious access patterns; log all administrative actions and connection attempts
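One way to check the firewall and monitoring controls above against exported flow logs, as an added example that is not part of the advisory or any vendor tooling. The addresses, the device subnet, the log format and the sample records are all constructed assumptions; the advisory names only Modbus port 502, so any serial/Ethernet gateway port a site needs must be added by hand.

```python
import ipaddress

# Assumptions (constructed for this example, not from the advisory):
DEVICE_NET = ipaddress.ip_network("10.20.0.0/24")   # dedicated SCADA segment
AUTHORIZED = {ipaddress.ip_address("10.10.5.11"),   # engineering workstation
              ipaddress.ip_address("10.10.5.12")}   # control system host
ALLOWED_PORTS = {502}  # Modbus/TCP; add the site's serial gateway port(s) here

# Constructed flow records: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z 10.10.5.11 10.20.0.15 502 ACCEPT
2024-01-01T00:00:02Z 10.10.5.11 10.20.0.15 80 ACCEPT
2024-01-01T00:00:03Z 192.0.2.44 10.20.0.15 502 ACCEPT
2024-01-01T00:00:04Z 192.0.2.44 10.20.0.16 80 DROP
2024-01-01T00:00:05Z 10.10.5.12 10.30.0.9 443 ACCEPT
malformed line
"""

def audit_flows(text):
    """Return (findings, skipped) for flows that reach the device segment."""
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1      # wrong field count or unparsable address/port
            continue
        if dst not in DEVICE_NET:
            continue          # not traffic to the protected devices
        reasons = []
        if src not in AUTHORIZED:
            reasons.append("unauthorized-source")
        if dport not in ALLOWED_PORTS:
            reasons.append("port-not-allowed")
        if reasons:
            # ACCEPT means the rule set has a gap; DROP is a blocked attempt.
            severity = "policy-gap" if action == "ACCEPT" else "blocked-attempt"
            findings.append((ts, str(src), str(dst), dport, severity, reasons))
    return findings, skipped

if __name__ == "__main__":
    results, bad = audit_flows(SAMPLE_FLOWS)
    for finding in results:
        print(*finding)
    print("skipped lines:", bad)
```

Findings marked policy-gap show traffic the firewall let through that the hardening steps say should be blocked; blocked-attempt entries are the connection attempts worth logging and reviewing.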