SpiderControl SCADA MicroBrowser
Monitor | 7.3 | ICS-CERT ICSA-17-234-02 | Aug 22, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SpiderControl SCADA MicroBrowser versions 1.6.30.144 and earlier contain a buffer overflow vulnerability (CWE-121) that allows remote code execution without authentication. The vulnerability is remotely exploitable with low complexity, posing a risk to systems used for SCADA visualization and control in energy environments. No patch is available from the vendor.
What this means
What could happen
An attacker on your network could remotely execute code on the SCADA MicroBrowser with no credentials required, potentially allowing them to intercept or modify operational data displayed to operators or manipulate system functions.
Who's at risk
Energy sector operators using SpiderControl SCADA MicroBrowser for plant visualization and control interface monitoring. This affects any facility relying on this software for operator displays or data access to PLCs and RTUs.
How it could be exploited
An attacker sends a specially crafted network request to the MicroBrowser application. The request exploits a buffer overflow vulnerability that allows arbitrary code execution without requiring authentication. The attacker could then run commands on the device or modify how it displays or processes data.
Prerequisites
- Network access to the SCADA MicroBrowser application port
- No credentials required
remotely exploitable, no authentication required, low complexity, no patch available, buffer overflow (CWE-121)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
SCADA MicroBrowser | ≤ 1.6.30.144 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate SCADA MicroBrowser systems from direct internet and untrusted network access using network segmentation or firewall rules
- WORKAROUND: Restrict access to SCADA MicroBrowser to only authorized engineering workstations and control system networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to the SCADA MicroBrowser for suspicious connection attempts or malformed requests
Mitigations - no patch available
SCADA MicroBrowser has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Plan replacement or retirement of SCADA MicroBrowser systems in favor of supported software given no patch is available
CVEs (1)