Elipse E3 Process Control Vulnerability
Low RiskICS-CERT ICSA-15-069-04Dec 11, 2015
Summary
Elipse E3 versions 4.5.232 through 4.6.161 and the bundled EQATEC.Analytics.Monitor DLLs (32-bit and 64-bit variants) contain a process control vulnerability (CWE-114) that could allow remote code execution. The vulnerability exists in the analytics monitoring components integrated into Elipse E3. No vendor patch is currently available for affected versions.
What this means
What could happen
An attacker could execute arbitrary code on Elipse E3 systems, potentially altering process control logic, setpoints, or stopping critical process operations.
Who's at risk
Organizations using Elipse E3 process control software (versions 4.5.232 through 4.6.161) for monitoring and control of critical processes in manufacturing, water treatment, utilities, and other industrial operations should be aware of this vulnerability affecting the embedded analytics monitoring components.
How it could be exploited
An attacker exploits CWE-114 (process control vulnerability) in Elipse E3 versions 4.5.232 through 4.6.161 or the EQATEC monitoring DLLs to execute arbitrary code with the privileges of the Elipse E3 process.
Prerequisites
- Access to a system running affected Elipse E3 versions (4.5.232 to 4.6.161)
- The EQATEC.Analytics.Monitor DLL must be loaded in the Elipse E3 process
No patch available from vendorAffects process control systemsCode execution capability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 EOL
ProductAffected VersionsFix Status
Elipse E3: >=4.5.232|<=4.6.161≥ 4.5.232|≤ 4.6.161No fix (EOL)
Elipse E3: EQATEC.Analytics.Monitor.Win32_vc100.dll_32-bitEQATEC.Analytics.Monitor.Win32 vc100.dll 32-bitNo fix (EOL)
Elipse E3: EQATEC.Analytics.Monitor.Win32_vc100-x64.dll_64-bitEQATEC.Analytics.Monitor.Win32 vc100-x64.dll 64-bitNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2HARDENINGImplement network segmentation and firewall rules to restrict access to Elipse E3 systems from untrusted networks
WORKAROUNDDisable or remove the EQATEC.Analytics.Monitor components if they are not in use
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor Elipse E3 processes for unexpected code execution or process anomalies
Long-term hardening
0/1HOTFIXEvaluate upgrading to a patched version of Elipse E3 if available from the vendor, or migrate to alternative process control software
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/b5890cf8-563c-4a49-be21-fcd1da392945