OTPulse

Digital Canal Structural Wind Analysis

Monitor | 7.5 | ICS-CERT ICSA-17-157-02 | Jun 6, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Wind Analysis versions 9.1 and earlier contain a stack-based buffer overflow vulnerability (CWE-121) that can be exploited remotely without authentication. An attacker can send a malicious request to the application, causing a denial-of-service condition or potential code execution.

What this means
What could happen
An attacker could remotely shut down the Wind Analysis application, disrupting wind farm monitoring and structural analysis operations. Depending on how the application is integrated into plant controls, this could prevent operators from assessing wind loads on turbines and related infrastructure.
Who's at risk
Wind farm operators and utilities using Wind Analysis for structural monitoring and load assessment of wind turbines and supporting infrastructure. This affects any site where the application is running and accessible from a network that an attacker could reach.
How it could be exploited
An attacker on the network sends a specially crafted input message to the Wind Analysis application listening on its exposed network port. The malicious input overflows the stack buffer, crashing the application or potentially allowing arbitrary code execution on the host computer.
Prerequisites
  • Network access to the Wind Analysis application port
  • No credentials required
  • Application listening on a network-accessible interface
remotely exploitable, no authentication required, low complexity, denial of service impact, no patch available, stack-based buffer overflow
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
Wind Analysis | ≤ 9.1 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate Wind Analysis systems from external networks using a firewall; restrict access to the application port to only authorized engineering workstations and SCADA servers
WORKAROUND: Disable remote access to Wind Analysis if not operationally required; configure access controls to require VPN authentication if remote access is necessary
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Evaluate upgrade to Wind Analysis version 9.2 or later if available from the vendor, or migrate to an alternative vendor solution
Mitigations - no patch available
Wind Analysis has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor network traffic for suspicious connections to the Wind Analysis application port and implement intrusion detection signatures if available