OTPulse

Tibbo AggreGate Platform Vulnerabilities

Act Now · 9.8 · ICS-CERT ICSA-15-323-01 · Aug 22, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Tibbo AggreGate Platform versions 5.21.02 and earlier contain an unrestricted file upload vulnerability (CWE-434). An unauthenticated attacker can upload and execute arbitrary files on the server, achieving remote code execution with full system privileges. No vendor patch is available; the affected versions remain vulnerable.

What this means
What could happen
An attacker could upload and execute arbitrary files on the AggreGate Platform, gaining complete control over the server and potentially disrupting data collection, alarming, or automation functions across connected industrial equipment.
Who's at risk
This affects organizations running Tibbo AggreGate Platform for SCADA data aggregation, monitoring dashboards, and industrial automation integration. Anyone using AggreGate as a central reporting or alarming hub for PLCs, meters, sensors, or other industrial devices is at risk.
How it could be exploited
An attacker sends a crafted request over the network to the AggreGate Platform web interface to upload a malicious file without authentication. The server stores and executes the file, allowing the attacker to run arbitrary commands on the platform and access or modify any connected system.
Prerequisites
  • Network access to the AggreGate Platform web server (typically port 80 or 443)
  • No authentication required
  • Ability to craft HTTP requests to the upload functionality
Remotely exploitable · No authentication required · Low complexity attack · No patch available · Arbitrary code execution
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
AggreGate Platform: <=5.21.02 | ≤ 5.21.02 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate AggreGate Platform behind a firewall or network segment; restrict incoming network access to authorized hosts only
WORKAROUND: Disable or restrict the file upload feature if not required for operations
HARDENING: Implement network-level controls to limit which hosts can reach the AggreGate Platform web interface
Long-term hardening
HOTFIX: Monitor for and evaluate vendor updates or migration path to a patched product version when available
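
One way to check that the network restriction listed under "Do now" is actually in effect, as an added example that is not part of the advisory or of any Tibbo tooling: the script compares connection records against an allowlist and reports every accepted connection to the platform's web ports from a source outside it. The server address, the authorized networks and the log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the advisory): server address, allowlist, log format.
AGGREGATE_HOST = ipaddress.ip_address("10.20.0.15")
WEB_PORTS = {80, 443}  # ports named in the advisory's prerequisites
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.10/32")]

# Constructed sample flow records: timestamp src dst dport action
SAMPLE_FLOWS = """\
2015-08-22T10:00:01Z 10.20.0.3 10.20.0.15 443 ACCEPT
2015-08-22T10:00:07Z 10.20.5.10 10.20.0.15 80 ACCEPT
2015-08-22T10:01:12Z 192.0.2.77 10.20.0.15 80 ACCEPT
2015-08-22T10:01:30Z 192.0.2.77 10.20.0.15 443 DROP
2015-08-22T10:02:44Z 10.20.9.8 10.20.0.15 443 ACCEPT
2015-08-22T10:03:00Z 10.20.9.8 10.20.0.20 443 ACCEPT
2015-08-22T10:03:05Z 10.20.9.8 10.20.0.15 22 ACCEPT
malformed line
"""

def is_authorized(src):
    """True if the source address falls inside any allowlisted network."""
    return any(src in net for net in AUTHORIZED)

def find_violations(flow_text):
    """Return (violations, unparsed): accepted flows to the platform's web
    ports from sources outside the allowlist, plus the numbers of lines that
    could not be parsed, so a log-format change cannot silently hide traffic."""
    violations, unparsed = [], []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ts, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            unparsed.append(lineno)
            continue
        if dst != AGGREGATE_HOST or dport not in WEB_PORTS:
            continue  # not traffic to the platform's web interface
        if action == "ACCEPT" and not is_authorized(src):
            violations.append((ts, str(src), dport))
    return violations, unparsed

if __name__ == "__main__":
    bad, skipped = find_violations(SAMPLE_FLOWS)
    for ts, src, port in bad:
        print(f"{ts} unauthorized source {src} reached port {port}")
    print(f"unparsed lines: {skipped}")
```

Any reported violation means the firewall or segment boundary still lets an unlisted host reach the web interface, which is the only access the advisory says an attacker needs.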