OTPulse
FeedAboutContact

SUBNET Solutions Inc. SubSTATION Server DNP3 Outstation Improper Input Validation

Low RiskICS-CERT ICSA-13-252-01Jun 12, 2013
Summary

SubSTATION Server versions 2.7.0033 and 2.8.0106 contain improper input validation in DNP3 outstation protocol handling. An attacker could send malformed DNP3 messages to trigger denial of service or unexpected behavior in the outstation. The vendor has not released a patch for these versions.

What this means
What could happen
Improper input validation in DNP3 protocol handling could allow an attacker to send malformed messages that crash the SubSTATION Server or cause unexpected behavior in the outstation, potentially disrupting SCADA communications in the energy network.
Who's at risk
Energy utilities and operators who use SUBNET Solutions SubSTATION Server for DNP3-based SCADA outstations. This is critical for any utility relying on SubSTATION Server as the master or outstation in remote terminal unit (RTU) or distribution automation networks.
How it could be exploited
An attacker with network access to the DNP3 port on the SubSTATION Server could send specially crafted DNP3 protocol messages that bypass input validation checks. This could trigger a denial of service condition or unspecified protocol handling error on the outstation.
Prerequisites
  • Network access to SubSTATION Server DNP3 port (typically port 20000)
  • Ability to craft and send DNP3 protocol frames
  • Knowledge of SubSTATION Server DNP3 implementation or willingness to fuzz protocol messages
remotely exploitableno patch availableaffects SCADA communications infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
SubSTATION Server: v2.7.0033v2.7.0033No fix (EOL)
SubSTATION Server: v2.8.0106v2.8.0106No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to SubSTATION Server DNP3 port using firewall rules; only allow trusted SCADA master stations and RTUs to connect
WORKAROUNDDisable or isolate SubSTATION Server if it is not actively required for plant operations
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor DNP3 port for unusual connection attempts or malformed message patterns
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: SubSTATION Server: v2.7.0033, SubSTATION Server: v2.8.0106. Apply the following compensating controls:
HARDENINGImplement network segmentation to place SubSTATION Server on a protected control network; prevent untrusted networks from reaching the DNP3 interface
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/13ace6ab-e573-4fd5-a027-1000b7e51653