OTPulse
FeedAboutContact

Eaton 9000X Drive

Act Now5.6ICS-CERT ICSA-18-193-01Jul 12, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

A stack buffer overflow vulnerability (CWE-121) in Eaton 9000X Drive firmware versions 2.0.29 and earlier allows remote code execution. The vulnerability requires high skill to exploit but no authentication. Eaton has released a firmware update. No known public exploits exist at this time.

What this means
What could happen
An attacker with network access to an Eaton 9000X Drive could execute arbitrary code on the device, potentially allowing them to modify drive parameters, alter motor speed or torque setpoints, or halt operations depending on its role in your control system.
Who's at risk
This affects operators of Eaton 9000X industrial drives used in motor control applications across water treatment, wastewater pumping, HVAC systems, conveyors, and other rotating equipment in utilities and manufacturing. Any facility relying on this drive for critical process control should assess exposure.
How it could be exploited
An attacker on the network reachable by the 9000X Drive (or via the Internet if the device is exposed) could send a specially crafted network request to trigger a stack buffer overflow vulnerability. Remote code execution could follow, giving the attacker command-level control of the drive.
Prerequisites
  • Network access to the 9000X Drive
  • Device must be running vulnerable firmware version 2.0.29 or earlier
  • No authentication required
remotely exploitableno authentication requiredhigh EPSS score (13.3%)stack buffer overflow complexity makes manual exploitation difficult but not impossible
Exploitability
High exploit probability (EPSS 13.3%)
Affected products (1)
ProductAffected VersionsFix Status
9000X Drive:≤ 2.0.29<UNKNOWN>
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGRestrict network access to 9000X Drive—place it behind a firewall and isolate from business network and Internet
HARDENINGIf remote access to the drive is required for engineering or maintenance, use a VPN and restrict access to authorized personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 9000X Drive firmware to the patched version released by Eaton (check vendor security bulletin for version number)
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/02b8117f-23c3-4ec6-8ced-119508f8ad83