OTPulse

Safenet Sentinel and 7-T Input Sanitization Vulnerability

Low Risk · ICS-CERT ICSA-11-314-01 · Aug 13, 2011
Summary

Input sanitization vulnerabilities in SafeNet Sentinel HASP SDK (versions prior to 5.11) and Sentinel HASP Run-time installers (versions prior to 6.x), as well as 7 Technologies IGSS version 7, allow cross-site scripting (XSS) attacks via unsanitized input fields. These products are commonly used for license management and industrial control system HMI interfaces. The vendors have not released patches for these vulnerabilities, and CISA recommends implementing defensive measures to minimize exploitation risk.

What this means
What could happen
Cross-site scripting (XSS) vulnerabilities in SafeNet Sentinel HASP SDK and 7-T IGSS could allow an attacker to inject malicious scripts into web interfaces, potentially compromising access to engineering workstations or HMI systems used to manage industrial processes.
Who's at risk
Water utilities and electric utilities using SafeNet Sentinel HASP SDK for license management or 7-T IGSS for HMI/SCADA operations should review their exposure. The risk is highest if these products are internet-facing or accessible from engineering networks where operators manage critical process controls.
How it could be exploited
An attacker could inject malicious JavaScript into input fields in the HASP SDK or IGSS web interface that are not properly sanitized. When an authorized user views the affected page, the injected script executes in their browser, potentially allowing credential theft or unauthorized process control commands.
Prerequisites
  • Web access to the affected product interface
  • User interaction required (the victim must visit a page containing the injected payload)
Tags: no patch available · input validation weakness (CWE-79) · affects HMI/engineering interfaces
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (3)
1 pending · 2 EOL

Product                            | Affected Versions | Fix Status
7 Technologies (7T) IGSS           | 7                 | No fix yet
SafeNet Sentinel HASP SDK          | <5.11             | No fix (EOL)
Sentinel HASP Run-time installers  | <6.x              | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate HASP SDK and IGSS systems from untrusted network access using firewalls and network segmentation
HARDENING: Restrict web interface access to authorized engineering workstations only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor for suspicious input or script execution on affected systems
WORKAROUND: Implement input validation and output encoding at the application level if possible through configuration changes
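The output-encoding workaround above, shown as an added example that is not code from SafeNet, 7 Technologies or the advisory: a hypothetical device-name form field is reflected into a page raw (the CWE-79 pattern) and beside it with context-appropriate encoding, and a parser-based check tells whether the submitted value was interpreted as HTML markup or displayed as text.

```python
"""Reflected input field without and with output encoding (CWE-79).
Added illustration; the template and field name are constructed, not
taken from the affected products."""
import html
from html.parser import HTMLParser


class TagCounter(HTMLParser):
    """Records every start tag the browser-equivalent parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def count_tags(fragment: str) -> int:
    parser = TagCounter()
    parser.feed(fragment)
    parser.close()
    return len(parser.tags)


# Hypothetical page fragment: the field is reflected both as element text
# and as an attribute value, the two most common reflection contexts.
TEMPLATE = '<p>Device: {name}</p><input name="device" value="{name}">'


def render_vulnerable(name: str) -> str:
    # Raw interpolation: whatever the user submitted is parsed as HTML.
    return TEMPLATE.format(name=name)


def render_hardened(name: str) -> str:
    # Encode for the HTML contexts the value lands in. quote=True also
    # escapes " and ' so the value cannot close the attribute early.
    return TEMPLATE.format(name=html.escape(name, quote=True))


def reflects_markup(render, submitted: str) -> bool:
    """True if rendering `submitted` yields more tags than the empty
    template, i.e. the input became markup instead of visible text."""
    return count_tags(render(submitted)) > count_tags(render(""))


if __name__ == "__main__":
    probe = "<b>probe</b>"  # constructed, harmless markup sample
    print("vulnerable reflects markup:", reflects_markup(render_vulnerable, probe))
    print("hardened reflects markup:  ", reflects_markup(render_hardened, probe))
```

The same check can be pointed at a captured response from a test instance of an HMI web page to confirm whether a field is encoded before any configuration change is rolled out.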