Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability
Low Risk | ICS-CERT ICSA-15-008-02 | Oct 11, 2015
Summary
A buffer overflow vulnerability exists in Schneider Electric InTouch Access Anywhere Server versions 10.6 and 11.0. The vulnerability is caused by improper handling of network input, which could allow an attacker to crash the service or execute arbitrary code. No vendor patch is currently available for either affected version.
What this means
What could happen
A buffer overflow in the InTouch Access Anywhere Server could allow an attacker with network access to crash the server or execute arbitrary code, disrupting remote access to your HMI and process control systems.
Who's at risk
Energy sector organizations running Schneider Electric InTouch Access Anywhere Server versions 10.6 or 11.0 should be concerned. This product is typically used to provide remote access to HMI systems and plant process data, making it a critical point of entry for remote operators and engineers. If compromised, an attacker could disrupt or manipulate remote operations.
How it could be exploited
An attacker sends a specially crafted packet to the InTouch Access Anywhere Server listening port, triggering a buffer overflow in memory. This could allow code execution on the server or cause it to crash, cutting off remote operators from the plant HMI interface.
Prerequisites
- Network access to the InTouch Access Anywhere Server listening port
- No authentication required
Tags: remotely exploitable; no authentication required; no patch available; affects remote access infrastructure
Exploitability
Moderate exploit probability (EPSS 6.4%)
Affected products (2): both End of Life (EOL)
Product                        | Affected Versions | Fix Status
InTouch Access Anywhere Server | 10.6              | No fix (EOL)
InTouch Access Anywhere Server | 11.0              | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Deploy firewall rules to limit inbound connections to the InTouch Access Anywhere Server port to trusted IP addresses and networks only.
Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
HOTFIX: Evaluate upgrading to a patched version of InTouch if available from Schneider Electric or AVEVA; contact the vendor for patch status.
Mitigations (no patch available)
The following products have reached End of Life with no planned fix: InTouch Access Anywhere Server 10.6 and 11.0. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the InTouch Access Anywhere Server to only authorized engineering and operations personnel; deny external internet access if possible.
HARDENING: Monitor network traffic to the InTouch Access Anywhere Server for suspicious connection attempts or malformed packets.
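The following is an added example, not part of this advisory or of any Schneider Electric or AVEVA material, showing how the "Do now" firewall allowlist and the connection-monitoring mitigation above can be implemented on the Windows host that runs the InTouch Access Anywhere Server. The listening port in $Port is a placeholder (take the real value from the server configuration, not from this example), and the CIDRs in $TrustedNetworks are constructed sample values; the rule name is an assumption.

```powershell
# Added example, not part of the advisory: host-firewall allowlist for the
# InTouch Access Anywhere Server port on the Windows server that runs it.
# ASSUMPTIONS: $Port is a placeholder (read the real listening port from the
# server configuration); $TrustedNetworks are constructed sample CIDRs.

$Port            = 8080                                  # placeholder port
$TrustedNetworks = @('10.10.1.0/24', '10.10.2.5/32')     # constructed: engineering subnet, jump host
$RuleName        = 'InTouch Access Anywhere - trusted sources only'

# Windows Firewall evaluates Block rules before Allow rules, so a scoped Allow
# only restricts access if nothing else already allows the port: make the
# default inbound action Block and check for an existing wide-open Allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

$existing = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName }
if ($existing) {
    Write-Warning "Inbound Allow rules already open TCP/$Port; review them before relying on the scoped rule:"
    $existing | Select-Object DisplayName, Enabled, Profile | Format-Table -AutoSize
}

# One Allow rule whose remote scope is limited to the trusted networks.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $Port -RemoteAddress $TrustedNetworks -Action Allow -Profile Domain,Private

# Log dropped inbound connections so attempts from untrusted sources are visible
# to whoever monitors the server (the "suspicious connection attempts" mitigation).
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify the rule's remote scope before closing the change.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

The default-deny step matters more than the Allow rule: on Windows Firewall an unscoped Allow for the same port, or a permissive default inbound action, would let connections from outside $TrustedNetworks through regardless of the scoped rule, which is why the script warns about pre-existing Allow rules rather than silently adding one more. The blocked-connection log written by the last Set-NetFirewallProfile call is what an operator or SIEM collector would watch for repeated attempts from unexpected sources.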
CVEs (1)