OTPulse

GEOVAP Reliance SCADA

Monitor | 6.1 | ICS-CERT ICSA-17-334-02 | Nov 30, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

Reliance SCADA contains a cross-site scripting (XSS) vulnerability in its web interface. An attacker can inject malicious JavaScript code that executes in an operator's browser when they interact with a crafted URL. The vulnerability affects all versions up to and including 4.7.3 Update 2, with no vendor fix available.

What this means
What could happen
An attacker could inject malicious code into a SCADA operator's web interface, potentially allowing theft of sensitive information or modification of system settings displayed to operators.
Who's at risk
Energy sector operators running Reliance SCADA systems should be concerned. This affects anyone using the web-based interface to monitor or configure SCADA systems in power generation, transmission, or distribution facilities.
How it could be exploited
An attacker crafts a malicious link or email containing injected JavaScript code and tricks an operator into clicking it. When the operator accesses the Reliance SCADA web interface through the malicious link, the injected code executes in their browser session, allowing the attacker to capture credentials or modify displayed data.
Prerequisites
  • Network access to the Reliance SCADA web interface from an external network
  • Operator must click a malicious link or visit a compromised website
  • No credentials required to exploit—only user interaction needed
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects SCADA operators
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: Reliance SCADA
Affected Versions: ≤ 4.7.3 Update 2
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to Reliance SCADA web interface to authorized engineering workstations only using firewall rules
  • HARDENING: Implement a reverse proxy or web application firewall (WAF) in front of the SCADA web interface to filter XSS payloads
  • HARDENING: Educate operators to avoid clicking unknown links and to verify URLs before entering credentials
  • HARDENING: Monitor for and block external access to the SCADA interface; ensure it is only accessible from the internal control network