Triangle MicroWorks Uncontrolled Resource Consumption

Low RiskICS-CERT ICSA-14-149-01Mar 1, 2014

Summary

Triangle MicroWorks SCADA Data Gateway versions prior to 3.00.0635 contain an uncontrolled resource consumption vulnerability (CWE-400). An attacker could send malformed or excessive requests that consume system resources (memory, CPU), causing denial of service and interruption of SCADA data operations.

What this means

What could happen

An attacker could send specially crafted network requests that exhaust the gateway's memory or CPU, causing it to stop processing SCADA data and disrupt communication between control systems and monitoring stations.

Who's at risk

Energy sector operators running Triangle MicroWorks SCADA Data Gateway in versions before 3.00.0635. This affects systems integrating field devices (RTUs, PLCs) with central SCADA monitoring and historian platforms. The gateway is commonly deployed at substations or control centers.

How it could be exploited

An attacker with network access to the SCADA Data Gateway sends malformed or excessively large requests to the gateway's network interface. The gateway fails to properly limit resource consumption, causing memory or CPU exhaustion that leads to service degradation or crash.

Prerequisites

Network access to the SCADA Data Gateway on its listening port
No authentication required

Remotely exploitableNo authentication requiredNo patch availableAffects SCADA data communications

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (1)

ProductAffected VersionsFix Status

SCADA Data Gateway: <v3.00.0635<v3.00.0635No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGImplement network segmentation to restrict access to the SCADA Data Gateway to only authorized control center workstations and field devices

WORKAROUNDDeploy firewall rules to limit traffic to the gateway's required ports and block unexpected connection patterns

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor gateway CPU and memory usage for anomalies indicating resource exhaustion attacks

WORKAROUNDImplement rate limiting or connection throttling on network access to the gateway if supported by the device or upstream firewall

Mitigations - no patch available

0/1

SCADA Data Gateway: <v3.00.0635 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGEvaluate migration to a current version of SCADA Data Gateway or alternative product with active vendor support

CVEs (2)

CVE-2014-2342 CVE-2014-2343

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/017fb469-482c-4dbd-8bbd-5714e575044c