SpiderControl MicroBrowser
Plan Patch · 8.8 · ICS-CERT ICSA-17-292-01 · Oct 19, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
SpiderControl MicroBrowser versions 1.6.30.144 and earlier contain a code execution flaw (CWE-427) that allows arbitrary code execution when a user opens a specially crafted file. The vulnerability is remotely exploitable via email, web link, or removable media and requires no special privileges, making it trivial for an attacker to trick operators into triggering it. Affected versions run on Windows XP, Vista, 7, 8, and 10.
What this means
What could happen
An attacker could use a crafted file to execute arbitrary code on engineering workstations or HMI systems running MicroBrowser, potentially allowing them to modify control logic, alter process parameters, or disrupt plant operations.
Who's at risk
Organizations operating industrial facilities with engineering workstations, HMI systems, or operator consoles running SpiderControl MicroBrowser on older Windows platforms. This includes water utilities, electric utilities, gas facilities, and manufacturing plants that use MicroBrowser for process visualization or remote monitoring. Any facility where operators or engineers interact with MicroBrowser files should be considered at risk.
How it could be exploited
An attacker sends a crafted file (via email, web link, or removable media) to an operator or engineer. When the victim opens the file in MicroBrowser, the application executes arbitrary code with the privileges of the logged-in user. The attacker gains the ability to run commands on the workstation and potentially access connected control systems.
Prerequisites
- User interaction required: target must open a malicious file in MicroBrowser
- MicroBrowser version 1.6.30.144 or earlier installed on Windows XP, Vista, 7, 8, or 10
- No network access required; attack can occur via email or USB
Risk factors
- remotely exploitable (via file attachment or link)
- no authentication required
- low complexity to exploit
- user interaction required but trivial
- product is end-of-life with no vendor fix available
- runs on obsolete Windows versions (XP, Vista) no longer receiving security patches
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
MicroBrowser (Windows XP, Vista, 7, 8 and 10) | ≤ 1.6.30.144 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Identify all systems running MicroBrowser and assess whether the application is still necessary for plant operations
- WORKAROUND: If MicroBrowser must remain in use, isolate affected workstations from the control network and restrict file transfer mechanisms (disable email, USB ports, or file shares from untrusted sources)
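One way to carry out the inventory step above on a single workstation, as an added example that is not part of the advisory or any vendor tooling. It assumes the product registers itself under the standard Windows uninstall keys with a DisplayName containing "MicroBrowser" (an assumption, not stated in the advisory), and it avoids newer syntax so it also runs on PowerShell 2.0.

```powershell
# Added example: flag installs at or below the last affected version in the advisory.
$LastAffected = [version]'1.6.30.144'
$NamePattern  = '*MicroBrowser*'   # assumption: DisplayName contains "MicroBrowser"

# Standard Windows uninstall locations (native, 32-bit on 64-bit, per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-MicroBrowserStatus {
    param([string]$DisplayVersion)
    # Missing or unparseable versions are reported for manual review, not assumed safe.
    try   { $v = [version]$DisplayVersion }
    catch { return 'Unknown' }
    if ($v -le $LastAffected) { 'Affected' } else { 'NotAffected' }
}

$found = foreach ($key in $UninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = Get-MicroBrowserStatus $_.DisplayVersion
            }
        }
}

# One row per registered install; an empty result means nothing was registered.
$found | Select-Object Computer, Name, Version, Status
```

Copies that were placed on disk without an installer do not appear in these keys, so an empty result is not proof that the application is absent.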
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement application whitelisting on workstations running MicroBrowser to prevent execution of unsigned or untrusted files
Mitigations - no patch available
MicroBrowser (Windows XP, Vista, 7, 8 and 10) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Upgrade affected systems to Windows 11 or a supported Windows version with modern security features, and replace MicroBrowser with a supported HMI or visualization tool
CVEs (1)
API:
/api/v1/advisories/b55256c8-5671-479a-9bae-96531c04de33