Pacom 1000 CCU GMS System Cryptographic Implementation Vulnerabilities
Monitor · 7.5 · ICS-CERT ICSA-15-337-03 · Sep 5, 2015
Attack Vector: Adjacent
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
The Pacom 1000 CCU and RTU implement cryptographic algorithms with implementation flaws that allow weak or predictable encryption of communications. An attacker on the network can capture and decrypt sensitive data exchanged between the controller and engineering workstations, including system commands, setpoints, and alarm configurations. This affects all versions of the Pacom 1000 CCU and RTU. The vendor (Pacom Systems) has not released a patch and no fix is available.
What this means
What could happen
An attacker with network access to the Pacom 1000 CCU or RTU could intercept and decrypt sensitive communications due to weak cryptographic implementation, potentially exposing system commands, setpoints, and operational data.
Who's at risk
Water utilities and electric utilities operating Pacom 1000 Control and Communication Units (CCU) or Remote Terminal Units (RTU) for SCADA or process automation are affected. This includes any facility using the Pacom 1000 GMS (Geospatial Monitoring System) for remote monitoring and control of distributed pump stations, water treatment processes, or electrical substations.
How it could be exploited
An attacker positioned on the local network (or with access to network traffic) could capture encrypted communications between the CCU/RTU and engineering workstations or other controllers. Due to weak cryptographic algorithms or implementation flaws, the attacker could decrypt this traffic to extract commands, alarm settings, and process parameters without modifying them.
Prerequisites
- Network access to the same subnet or routing path as the Pacom 1000 CCU/RTU
- Ability to passively intercept network traffic or perform man-in-the-middle positioning
- No authentication bypass needed—vulnerability is in the encryption mechanism itself
- No patch available (end-of-life product)
- Cryptographic weakness allows interception of operational commands
- All versions vulnerable—no safe version to upgrade to
- Requires network positioning but low complexity once traffic is captured
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Pacom 1000 CCU and RTU: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate Pacom 1000 CCU and RTU systems on a dedicated, air-gapped network segment with no external connectivity or limit access to trusted engineering workstations only
- HARDENING: Restrict network access to Pacom 1000 CCU/RTU to trusted operator and engineering workstations using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement network monitoring and traffic capture to detect unauthorized access attempts or suspicious communication patterns to Pacom 1000 systems
- WORKAROUND: Use a VPN or IPsec tunnel for any remote access to Pacom 1000 systems to add an encryption layer outside the vulnerable application
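The isolation, allow-list and monitoring items above can be verified against flow logs. The following is an added example, not part of the advisory or any vendor tooling; the addresses, the segment and the "timestamp src dst bytes" log format are constructed assumptions.

```python
import ipaddress

# Constructed, assumed addressing; replace with the site's real values.
CCU_RTU = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11")}
TRUSTED = {ipaddress.ip_address(a) for a in ("10.20.0.50", "10.20.0.51")}
SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # dedicated control segment

# Constructed flow records in an assumed "timestamp src dst bytes" format.
SAMPLE_FLOWS = """\
2015-09-05T10:00:01Z 10.20.0.50 10.20.0.10 1840
2015-09-05T10:00:07Z 10.20.0.77 10.20.0.10 96
2015-09-05T10:01:12Z 10.20.0.11 203.0.113.9 5120
2015-09-05T10:02:30Z 10.20.0.10 10.20.0.11 300
truncated record
2015-09-05T10:03:00Z 192.0.2.44 10.20.0.11 64
"""

def classify(src, dst):
    """Return a policy finding for one flow, or None if it is allowed."""
    src_dev, dst_dev = src in CCU_RTU, dst in CCU_RTU
    if src_dev == dst_dev:
        return None  # no CCU/RTU involved, or controller-to-controller
    peer = dst if src_dev else src
    if peer not in SEGMENT:
        return "outside-segment"   # breaks the isolation requirement
    if peer not in TRUSTED:
        return "untrusted-peer"    # on-segment host that is not allow-listed
    return None

def audit(log_text):
    """Return (findings, skipped): findings are (ts, src, dst, verdict)."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, _size = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            skipped += 1  # malformed record: count it, do not drop silently
            continue
        verdict = classify(src, dst)
        if verdict:
            findings.append((ts, str(src), str(dst), verdict))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = audit(SAMPLE_FLOWS)
    for hit in hits:
        print(*hit)
    print(f"{bad} malformed record(s) skipped")
```

Because the traffic itself cannot be trusted to stay confidential, any finding here means protected data may already have been exposed to that peer, not merely that a connection was attempted.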
CVEs (1)