OTPulse

VIPA Controls WinPLC7

Act Now · CVSS 7.5 · ICS-CERT ICSA-17-054-01 · Feb 23, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

VIPA Controls WinPLC7 version 5.0.45.5921 and earlier contains a vulnerability (CWE-121) that allows a remote attacker to cause a denial of service condition without authentication. The vulnerability is remotely exploitable with low skill level required. VIPA has indicated no fix is planned for this product.

What this means
What could happen
A remote attacker can cause a denial of service (DoS) on WinPLC7 systems without needing credentials, disrupting manufacturing process control and operator visibility into plant operations.
Who's at risk
Manufacturing facilities using VIPA WinPLC7 controllers for process automation and control should be concerned. This affects any plant relying on WinPLC7 for real-time monitoring and command execution, including discrete and continuous process industries.
How it could be exploited
An attacker on the network sends a specially crafted request to the WinPLC7 device on its network port. The vulnerability in how the device handles the request causes it to crash or become unresponsive, stopping process monitoring and control until the device is manually restarted.
Prerequisites
  • Network access to the WinPLC7 device
  • Device must be exposed on the network (reachable from attacker's network position)
  • No authentication required
remotely exploitable · no authentication required · low complexity · high EPSS score (45.1%) · no patch available · affects manufacturing operations
Exploitability
High exploit probability (EPSS 45.1%)
Affected products (1)
Product | Affected Versions | Fix Status
WinPLC: | ≤ 5.0.45.5921 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate WinPLC7 devices on a separate network segment from untrusted networks; restrict access using firewall rules to allow only trusted engineering workstations and HMI systems to communicate with the controller
HARDENING: Disable unused network services and ports on WinPLC7 to reduce attack surface
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement network monitoring and alerting for abnormal traffic patterns to the WinPLC7 device to detect potential exploitation attempts
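
The segmentation and monitoring mitigations above can be checked against flow logs. The following is an added example, not part of the advisory or any vendor tooling: it flags traffic to the WinPLC7 host from sources outside the allowlist and per-source bursts within one minute. The addresses, port, record format and burst threshold are all assumptions constructed for illustration; the advisory names none of them.

```python
import ipaddress
from collections import Counter

# All addresses, the port and the record format are constructed for this example;
# the advisory names none of them.
WINPLC7_HOST = ipaddress.ip_address("192.0.2.10")
ALLOWED_SOURCES = [
    ipaddress.ip_network("192.0.2.32/29"),  # engineering workstations (assumed)
    ipaddress.ip_network("192.0.2.48/32"),  # HMI (assumed)
]
BURST_PER_MINUTE = 5  # assumed threshold; tune against a baseline of normal traffic

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    [
        "1700000000 192.0.2.33 192.0.2.10 5000",   # workstation, allowed
        "1700000030 192.0.2.48 192.0.2.10 5000",   # HMI, allowed
        "1700000040 192.0.2.33 192.0.2.77 5000",   # other destination, ignored
        "1700000050 not-a-flow-record",            # malformed, skipped
    ]
    + [f"{1700000100 + i} 198.51.100.7 192.0.2.10 5000" for i in range(6)]
)


def audit_flows(text, burst=BURST_PER_MINUTE):
    """Return sorted (reason, source, detail) alerts for traffic to the WinPLC7 host."""
    unlisted, per_minute = set(), Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than abort the audit
        try:
            ts, port = int(fields[0]), int(fields[3])
            src, dst = ipaddress.ip_address(fields[1]), ipaddress.ip_address(fields[2])
        except ValueError:
            continue
        if dst != WINPLC7_HOST:
            continue
        if not any(src in net for net in ALLOWED_SOURCES):
            unlisted.add(("unlisted-source", str(src), port))
        per_minute[(str(src), ts // 60)] += 1
    bursts = {("burst", src, n) for (src, _), n in per_minute.items() if n > burst}
    return sorted(unlisted | bursts)


if __name__ == "__main__":
    for alert in audit_flows(SAMPLE_FLOWS):
        print(alert)
```

An `unlisted-source` alert means the firewall rule set is letting through a host that is not on the allowlist, so it should be treated as a segmentation gap as well as a detection.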
VIPA Controls WinPLC7 | CVSS 7.5 - OTPulse