OTPulse

ProSoft Technology RadioLinx ControlScape PRNG Vulnerability

Low Risk | ICS-CERT ICSA-13-248-01 | Jun 8, 2013
Summary

ProSoft Technology RadioLinx ControlScape versions prior to 6.00.040 contain a weak pseudorandom number generator (PRNG) used for encryption key and session token generation. The predictable PRNG could allow an attacker with network access to derive encryption keys and bypass authentication or decrypt sensitive communications. This affects remote access and wireless field device management capabilities.

What this means
What could happen
An attacker with network access to a RadioLinx ControlScape device could exploit a weak random number generator to predict encryption keys or session tokens, potentially allowing unauthorized access to device configuration or command execution.
Who's at risk
Organizations operating RadioLinx ControlScape wireless gateways or RTU interfaces in water systems, electrical distribution networks, or other critical infrastructure that rely on encrypted communications for remote monitoring and control should be concerned. This affects remote terminal units (RTUs) and wireless field devices managed through ControlScape.
How it could be exploited
An attacker on the same network segment as the ControlScape device could intercept encrypted communications and exploit the predictable PRNG to derive the encryption keys. Once keys are predicted, the attacker could decrypt traffic or forge authenticated commands to the device.
Prerequisites
  • Network access to the RadioLinx ControlScape device (same network segment or reachable via configured network routes)
  • Ability to capture or observe encrypted communications to/from the device
no patch available | weak cryptographic mechanism (PRNG) | remotely exploitable | affects encrypted communications security
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
RadioLinx ControlScape: <FH_v6.00.040 | <FH v6.00.040 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable remote access to ControlScape devices if not operationally required; use local console administration only
Mitigations - no patch available
RadioLinx ControlScape: <FH_v6.00.040 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate RadioLinx ControlScape devices on a dedicated control network segment with access controls (firewall rules, air-gapping where possible) to limit attacker network reach
HARDENING: Implement network monitoring and IDS/IPS rules to detect suspicious communications patterns with ControlScape devices