OTPulse

Software Toolbox Top Server Resource Exhaustion Vulnerability

Low Risk · ICS-CERT ICSA-15-055-01 · Nov 27, 2015
Summary

Software Toolbox Top Server versions 5.16 and earlier contain a resource exhaustion vulnerability (CWE-400) that could allow an attacker to consume system resources and degrade or stop service availability.

What this means
What could happen
An attacker could exhaust system resources on the Top Server, causing the application to become unresponsive or crash, which would disrupt communication with industrial devices and data collection.
Who's at risk
Water and utility operators who rely on Software Toolbox Top Server for industrial device communication and data collection, particularly those using it as a SCADA data aggregator or gateway in supervisory systems.
How it could be exploited
An attacker with network access to the Top Server could send specially crafted requests or trigger conditions that cause the application to consume excessive CPU, memory, or other system resources, eventually degrading performance or causing a denial of service.
Prerequisites
  • Network access to Software Toolbox Top Server
  • Ability to send requests to the Top Server application
Tags: remotely exploitable · no patch available · affects industrial data collection systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product                       Affected versions   Fix status
Software Toolbox Top Server   ≤ 5.16              No fix (end of life)
Remediation & Mitigation
Do now
WORKAROUND  Deploy firewall rules so that only known engineering and SCADA hosts can open inbound connections to the Top Server's listening ports.
Schedule — requires maintenance window
HARDENING  Monitor the Top Server process for abnormal resource consumption (CPU, memory, open connections) and configure alerts against a measured baseline. Changing monitoring or firewall configuration on the host may require a restart of the Top Server service, so plan for a process interruption.
Mitigations - no patch available
Software Toolbox Top Server ≤ 5.16 has reached end of life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING  Implement network segmentation to restrict access to the Top Server to only authorized engineering and SCADA workstations.
HARDENING  Consider upgrading to a newer, actively supported data collection platform with resource exhaustion mitigations.
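The firewall allowlist and the resource-consumption alerting above are the only two controls available for an end-of-life product, so it helps to see how they are checked together. The Python script below is an added example, not vendor code and not part of the ICS-CERT advisory: it evaluates a stream of host telemetry against an allowlist of permitted client networks and against CPU, memory and per-client connection thresholds, and only raises a resource alert once a breach has persisted for several consecutive samples, so a transient spike does not page anyone. The six telemetry samples, the 10.10.1.0/24 engineering subnet, the 192.168.50.7 client and the threshold values are all constructed placeholders; in production the samples would come from the Windows performance counters of the Top Server runtime process and from the host's TCP connection table, and the thresholds would be tuned against a measured baseline.

```python
"""Allowlist and sustained-threshold alerting for a Top Server host.

Added example (not vendor code). All telemetry below is constructed; a real
collector would fill `Sample` from Windows performance counters for the Top
Server runtime process and from the host's TCP connection table.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Sample:
    ts: int                                   # seconds since collection start
    cpu_pct: float                            # process CPU use, 0-100
    rss_mb: float                             # private working set in MiB
    peers: dict = field(default_factory=dict)  # remote IP -> established connections


@dataclass
class Thresholds:
    cpu_pct: float = 85.0        # placeholder values; tune against a baseline
    rss_mb: float = 1024.0
    conns_per_peer: int = 50
    persistence: int = 3         # consecutive samples a breach must hold before alerting


def build_allowlist(cidrs):
    """Parse the networks that are permitted to talk to the Top Server."""
    return [ipaddress.ip_network(c) for c in cidrs]


def is_allowed(ip, allowlist):
    """True when `ip` falls inside any allowlisted network (host or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)


def evaluate(samples, allowlist, th=None):
    """Return (kind, ts, detail) alerts for the given telemetry, in time order.

    Resource breaches are counted per metric and reported once when the run
    reaches `th.persistence`; an unknown peer is reported the first time it is
    seen; a per-peer connection flood is reported on every sample it occurs in.
    """
    th = th or Thresholds()
    alerts = []
    runs = {"cpu": 0, "mem": 0}
    reported_unknown = set()
    for s in samples:
        breaches = {"cpu": s.cpu_pct > th.cpu_pct, "mem": s.rss_mb > th.rss_mb}
        for key, hit in breaches.items():
            runs[key] = runs[key] + 1 if hit else 0
            if runs[key] == th.persistence:
                alerts.append((f"{key}_sustained", s.ts,
                               f"{key} above threshold for {th.persistence} samples"))
        for ip, n in s.peers.items():
            if not is_allowed(ip, allowlist) and ip not in reported_unknown:
                reported_unknown.add(ip)          # segmentation/firewall gap: someone got through
                alerts.append(("unknown_peer", s.ts, ip))
            if n > th.conns_per_peer:              # one client holding many sessions
                alerts.append(("conn_flood", s.ts, f"{ip} holds {n} connections"))
    return alerts


# Constructed telemetry: a legitimate SCADA client (10.10.1.20) and, from t+90s,
# an off-segment host that opens many sessions while CPU climbs past the threshold.
SAMPLES = [
    Sample(0,   20.0, 300.0, {"10.10.1.20": 4}),
    Sample(30,  40.0, 310.0, {"10.10.1.20": 4}),
    Sample(60,  90.0, 320.0, {"10.10.1.20": 4}),
    Sample(90,  92.0, 330.0, {"10.10.1.20": 4, "192.168.50.7": 120}),
    Sample(120, 95.0, 340.0, {"10.10.1.20": 4, "192.168.50.7": 140}),
    Sample(150, 97.0, 350.0, {"10.10.1.20": 4, "192.168.50.7": 160}),
]
ALLOWLIST = build_allowlist(["10.10.1.0/24"])   # assumed engineering/SCADA subnet


def run_demo():
    """Evaluate the constructed telemetry with the default thresholds."""
    return evaluate(SAMPLES, ALLOWLIST)


if __name__ == "__main__":
    for kind, ts, detail in run_demo():
        print(f"t+{ts:>3}s  {kind:<14} {detail}")
```

On the constructed data the unknown peer and its connection flood are reported at t+90s, two samples before the CPU breach has lasted long enough to trigger its own alert; that ordering is the point of combining the two controls, since a client that should have been blocked at the firewall is a far more specific signal than a CPU graph. The script only detects; the firewall rule and segmentation above are what actually stop the traffic.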