OTPulse
FeedAboutContact

Nari PCS-9611 (Update A)

Act Now9.8ICS-CERT ICSA-18-025-01Jan 25, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The PCS-9611 relay contains an input validation vulnerability that allows a remote attacker to achieve arbitrary read and write access to the device without authentication. This vulnerability affects all versions of the PCS-9611. The vendor has confirmed there are no plans to release a fix for this product.

What this means
What could happen
An attacker with network access to a PCS-9611 relay could read and write arbitrary data on the device, allowing them to alter relay configuration, trip settings, or control logic—potentially disrupting power distribution or protective functions.
Who's at risk
Electric utilities and operators of power distribution systems that rely on Nari PCS-9611 relays for protection and control. This includes substation operators, relay technicians, and any facility using this relay in critical protection schemes.
How it could be exploited
An attacker on the network sends a crafted message to the PCS-9611 relay without authentication. The device fails to validate the input, allowing the attacker to issue read or write commands to memory or settings. No special access or credentials are required.
Prerequisites
  • Network access to the PCS-9611 relay (direct or via the control network)
  • No authentication required
  • No special configuration or default credentials needed
Remotely exploitableNo authentication requiredLow complexity attackNo patch availableAffects safety/protection systemsArbitrary read/write capability
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
PCS-9611 relay: all versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGIsolate all PCS-9611 relay devices from the business network and the Internet. Keep them on a dedicated, air-gapped control network.
HARDENINGPlace PCS-9611 relays behind a firewall and restrict network access to only authorized engineering and monitoring stations.
WORKAROUNDIf remote access is needed, use a VPN connection to reach the control network, and keep the VPN software and connected devices fully patched.
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from PCS-9611 devices for unauthorized access attempts.
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/fe730b1c-1201-4e14-846a-fe2109cad807