OTPulse
FeedAboutContact

Elipse E3 Process Control Vulnerability (Update A)

Low RiskICS-CERT ICSA-15-069-04ADec 11, 2015
Summary

Elipse E3 process control software versions 4.5.232 through 4.6.161 contain a vulnerability in the EQATEC.Analytics.Monitor component that allows remote code execution. The vulnerability exists in both 32-bit and 64-bit versions of the Analytics Monitor DLL. No vendor patch is currently available for affected versions.

What this means
What could happen
An attacker with network access to Elipse E3 could execute arbitrary code on the process control system, potentially causing unauthorized changes to process parameters, equipment shutdown, or data theft from industrial operations.
Who's at risk
Water treatment and electric utility operators running Elipse E3 for process automation and control. This affects facilities using E3 versions 4.5.232 through 4.6.161 as the primary SCADA/process control platform.
How it could be exploited
An attacker sends a specially crafted request to the Elipse E3 application over the network. The vulnerability in the EQATEC Analytics Monitor component fails to properly validate input, allowing the attacker to execute code with the privileges of the E3 process.
Prerequisites
  • Network access to the Elipse E3 application
  • E3 version 4.5.232 through 4.6.161 installed
Remotely exploitableNo patch available from vendorAffects control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 EOL
ProductAffected VersionsFix Status
Elipse E3: >=4.5.232|<=4.6.161≥ 4.5.232|≤ 4.6.161No fix (EOL)
Elipse E3: EQATEC.Analytics.Monitor.Win32_vc100.dll_32-bitEQATEC.Analytics.Monitor.Win32 vc100.dll 32-bitNo fix (EOL)
Elipse E3: EQATEC.Analytics.Monitor.Win32_vc100-x64.dll_64-bitEQATEC.Analytics.Monitor.Win32 vc100-x64.dll 64-bitNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network segmentation to restrict access to Elipse E3 systems from untrusted networks
WORKAROUNDDisable or restrict remote access to Elipse E3 if not required for operations
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor Elipse E3 process logs and network connections for suspicious activity
HOTFIXEvaluate upgrading to a newer version of Elipse E3 beyond 4.6.161 if available from the vendor
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/664f07aa-e7d7-451b-bc9b-d1d1d247c638