OTPulse

Resource Data Management Intuitive 650 TDB Controller Vulnerabilities (Update A)

Plan Patch · 8.8 · ICS-CERT ICSA-16-140-01A · Feb 20, 2016
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Resource Data Management Intuitive 650 TDB Controller contains improper access control and cross-site request forgery vulnerabilities. An authenticated user could exploit these weaknesses to gain elevated privileges or perform unauthorized actions on the controller.

What this means
What could happen
An attacker with valid login credentials could escalate privileges to bypass access controls and execute unauthorized commands on the TDB Controller, potentially disrupting or manipulating process control operations.
Who's at risk
Water and wastewater treatment operators, electric utilities, and any facility using Resource Data Management Intuitive 650 TDB Controllers for process automation and control should implement compensating controls, as the affected devices cannot be patched.
How it could be exploited
An attacker with valid credentials to the controller's web interface could craft a CSRF request or exploit improper access control checks to escalate privileges and execute arbitrary administrative actions on the device.
Prerequisites
  • Valid login credentials for the Intuitive 650 TDB Controller
  • Network access to the controller's web interface (typically port 80/443)
  • User interaction or ability to target authenticated users with CSRF requests
  • Requires valid credentials for exploitation
  • No patch available from vendor
  • Affects industrial control systems
  • Access control bypass possible
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: Intuitive 650 TDB Controller: <=2.1
Affected Versions: ≤ 2.1
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Deploy firewall rules to limit network access to the controller's web interface
  • HARDENING: Monitor TDB Controller logs for unauthorized access attempts or privilege escalation activities
  • HARDENING: Enforce strong, unique passwords for all user accounts on the TDB Controller
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Limit user privileges to only those required for their operational role
Mitigations - no patch available
Intuitive 650 TDB Controller: <=2.1 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to restrict access to the TDB Controller's management interface only from trusted engineering workstations