Tollgrade Smart Grid EMS LightHouse Vulnerabilities

Plan Patch8.1ICS-CERT ICSA-16-194-01Apr 15, 2016

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Tollgrade LightHouse SMS Smart Grid Energy Management System (EMS) contains multiple vulnerabilities: improper access control (CWE-306) that allows authenticated users to read sensitive configuration and system information, information exposure (CWE-209) that leaks internal system details, and unrestricted upload/download (CWE-425). Affected versions: LightHouse SMS 5.1_Patch_3 and earlier. No firmware patches are planned by the vendor. The vulnerabilities enable authenticated attackers to access unauthorized resources and retrieve sensitive grid management data.

What this means

What could happen

An authenticated attacker with access to the LightHouse SMS interface could read sensitive energy management configuration data, gain information about system internals, and potentially modify system settings without proper authorization controls.

Who's at risk

Utilities and energy companies operating Tollgrade LightHouse SMS for smart grid management and energy management systems (EMS). This affects supervisory control systems that manage grid configuration, meter data, and operational parameters.

How it could be exploited

An attacker with valid credentials to the LightHouse SMS web interface can directly access unauthorized resources and configuration data by exploiting missing access controls (CWE-306) and information disclosure vulnerabilities. The attack requires valid login credentials but no special technical complexity once authenticated.

Prerequisites

Valid credentials for LightHouse SMS web interface
Network access to the SMS server port
Authentication to the application

no patch availableaffects SCADA/EMS systemsmissing access controlsrequires valid credentialsinformation disclosure

Exploitability

Moderate exploit probability (EPSS 1.7%)

Affected products (1)

ProductAffected VersionsFix Status

LightHouse SMS: <=5.1_Patch_3≤ 5.1 Patch 3No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to LightHouse SMS to authorized personnel only using firewall rules and network segmentation

HARDENINGEnforce strong authentication and implement role-based access controls to limit credential access within LightHouse SMS

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor and audit administrative access to LightHouse SMS configuration and settings

Mitigations - no patch available

0/1

LightHouse SMS: <=5.1_Patch_3 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan migration or replacement of LightHouse SMS with a supported system that receives active security updates

CVEs (3)

CVE-2016-5790 CVE-2016-5797 CVE-2016-5807

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/56ee6d46-8b6a-4d33-b8b4-d94d1bc3fbdd