OTPulse

IDS RTU 850 Directory Traversal Vulnerability

Low Risk · ICS-CERT ICSA-15-148-01 · Feb 28, 2015
Summary

IDS RTU 850 series (NC854, NC856) contains a directory traversal vulnerability in its file handling. An attacker can craft requests with path traversal sequences to read arbitrary files from the RTU's filesystem, potentially exposing configuration files, credentials, and operational data. The vulnerability affects all versions of both models and no vendor fix is planned.

What this means
What could happen
An attacker with network access could read or download arbitrary files from the RTU, potentially exposing configuration data, credentials, or operational settings.
Who's at risk
Water authorities, electric utilities, and other critical infrastructure operators using IDS RTU 850 series (NC854, NC856) as remote terminal units for SCADA data acquisition and control. These RTUs are commonly deployed in substations, water treatment plants, and distribution monitoring points.
How it could be exploited
An attacker sends a crafted request using directory traversal sequences (../) to the RTU's web interface or file service to access files outside the intended directory. No authentication is required if the service is exposed to the network.
Prerequisites
  • Network access to the RTU's web interface or file service port
  • RTU must be directly reachable or accessible via network without additional authentication
remotely exploitable · no authentication required · no patch available · affects critical infrastructure RTUs
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
NC854: vers:all/* | All versions | No fix (EOL)
NC856: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to RTU web interface and file service ports using firewall rules; only permit connections from authorized engineering workstations or control network segments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor RTU file access logs for suspicious path traversal patterns or unexpected file reads
Mitigations - no patch available
The following products have reached End of Life with no planned fix: NC854: vers:all/*, NC856: vers:all/*. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate RTUs from untrusted network segments and the internet
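
For the log-monitoring step above, one way to flag traversal attempts in request logs. This is an added example, not code from the advisory or the vendor. The advisory does not describe the RTU's log format, so the five-field line layout, the sample lines and all function names are assumptions. It goes beyond the literal `../` case by also unwrapping percent-encoded and backslash variants before checking whether the path climbs above the served root.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # also unwraps double and triple percent-encoding
# Constructed sample in an assumed "timestamp source method path status" layout.
SAMPLE_LOG = """\
2015-02-28T10:00:01Z 10.20.0.15 GET /index.html 200
2015-02-28T10:00:07Z 10.20.0.15 GET /config/../status.html 200
2015-02-28T10:01:12Z 192.0.2.44 GET /../../placeholder.cfg 200
2015-02-28T10:01:13Z 192.0.2.44 GET /%2e%2e/%2e%2e/placeholder.cfg 200
2015-02-28T10:01:15Z 192.0.2.44 GET /files/%252e%252e%255c%252e%252e%255cplaceholder.cfg 404
2015-02-28T10:02:00Z 10.20.0.15 GET /files/report..2015.csv 200
"""

def normalize(path):
    """Percent-decode until stable, then treat backslashes as separators."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_root(path):
    """True if the request path climbs above the served root at any point."""
    depth = 0
    for segment in normalize(path.split("?", 1)[0]).split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def scan(log_text):
    """Return (timestamp, source, raw_path) for each root-escaping request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the assumed layout
        ts, src, _method, path, _status = fields
        if escapes_root(path):
            hits.append((ts, src, path))
    return hits

if __name__ == "__main__":
    for ts, src, path in scan(SAMPLE_LOG):
        print(f"ALERT {ts} {src} {path}")
```

Tracking directory depth rather than matching the string `..` keeps names such as `report..2015.csv` and in-root paths such as `/config/../status.html` from raising alerts.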