Certec EDV GmbH atvise scada (Update A)
Monitor 6.1 · ICS-CERT ICSA-17-096-01A · Apr 6, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
atvise scada contains cross-site scripting (CWE-79) and clickjacking (CWE-644) vulnerabilities in versions prior to 3.0. These allow remote attackers to inject malicious scripts or perform UI redressing attacks against authenticated users through a crafted link or webpage. The vendor has no plan to fix these issues; users must implement compensating security controls through the application's built-in security features.
What this means
What could happen
An attacker could inject malicious scripts or perform clickjacking attacks against users of the atvise scada system, potentially allowing them to steal credentials or manipulate SCADA operations if the attacker can trick a user into clicking a malicious link.
Who's at risk
Energy sector organizations operating atvise scada systems should care about this issue. It affects SCADA operators and system administrators who access the web-based interface, potentially allowing attackers to compromise control of industrial processes.
How it could be exploited
An attacker crafts a malicious link containing injected script code and tricks a user (such as a system administrator or operator) into clicking it. When the user visits the link, the script executes in their browser with their privileges, allowing the attacker to perform actions on the SCADA system or steal session credentials.
Prerequisites
- User must click a malicious link provided by the attacker
- User must be authenticated to atvise scada
- atvise scada version prior to 3.0
Tags: remotely exploitable · low complexity · user interaction required · no patch available · affects SCADA systems
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (1)
Product | Affected Versions | Fix Status
atvise scada | prior to 3.0 (< 3.0) | No fix (EOL)
Remediation & Mitigation
Schedule: requires maintenance window. Patching may require a device reboot; plan for process interruption.
HARDENING: Enable HTTPS support in atvise scada to encrypt traffic between clients and the system
HARDENING: Enable the Protected calls feature in atvise scada to add authentication to sensitive operations
HARDENING: Review and enforce Login and user management controls to limit operator privileges and enforce strong authentication
HARDENING: Configure User and rights settings according to the atvise scada documentation to restrict unauthorized access
CVEs (2)
API:
/api/v1/advisories/f47eaf10-2200-46c8-92e6-859d87fb5808