GEOVAP Reliance 4 SCADA/HMI
Monitor | CVSS 6.1 | ICS-CERT ICSA-18-298-01 | Oct 25, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A reflected cross-site scripting (XSS) vulnerability in GEOVAP Reliance SCADA versions 4.7.3 Update 3 and prior allows an unauthenticated attacker to inject arbitrary JavaScript into HTTP responses via a specially crafted request. The vulnerability requires the user's HTTP traffic to pass through an attacker-controlled HTTP proxy. An attacker could use this to steal session cookies, perform unauthorized actions in the HMI, or capture credentials if a user visits a malicious link.
What this means
What could happen
An attacker could inject malicious JavaScript code into a web browser session accessing Reliance SCADA, potentially allowing credential theft or unauthorized actions within the HMI. This only affects users accessing the system through an HTTP proxy and requires user interaction to click a crafted link.
Who's at risk
Energy and manufacturing facilities using GEOVAP Reliance SCADA version 4.7.3 Update 3 or earlier for HMI and supervisory control operations should be concerned. This affects any operator workstations or remote access points that browse to the Reliance web interface over HTTP.
How it could be exploited
An attacker crafts a malicious HTTP request containing JavaScript code and tricks a user into clicking a link or visiting a page that triggers it. If the user's traffic flows through an HTTP proxy that the attacker controls or can intercept, the JavaScript payload is reflected back in the HTTP response and executes in the user's browser, potentially stealing session tokens or performing unauthorized actions in the HMI.
Prerequisites
- User must access Reliance SCADA HMI via HTTP (not HTTPS)
- User traffic must pass through an HTTP proxy controlled or observable by the attacker
- User must click a malicious link or visit an attacker-controlled page
- Reliance SCADA version 4.7.3 Update 3 or earlier
- remotely exploitable
- requires user interaction (link click)
- low CVSS score (6.1)
- requires HTTP proxy control or network position
- low exploit probability (0.2% EPSS)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| Reliance SCADA | ≤ 4.7.3 Update 3 | 4.8.0 |
Remediation & Mitigation
Do now
- WORKAROUND: Switch Reliance SCADA application to HTTPS to prevent HTTP proxy message manipulation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Reliance SCADA to version 4.8.0 or later
Long-term hardening
- HARDENING: Restrict network access to Reliance SCADA HMI—do not expose to the Internet and place behind firewall
- HARDENING: Isolate control system networks from business network to prevent proxy-based interception
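To apply the affected-version range and the HTTP prerequisite to an asset list, the following added example (not part of the advisory or of GEOVAP's tooling) triages an inventory. The inventory layout, host names and verdict labels are hypothetical, and it assumes "Update N" suffixes sort numerically within a release.

```python
import re

# From the advisory: last affected release and first fixed release.
LAST_AFFECTED = "4.7.3 Update 3"
FIRST_FIXED = "4.8.0"

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s+Update\s+(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Turn '4.7.3 Update 3' into the sortable tuple (4, 7, 3, 3)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(asset):
    """Classify one inventory record; the dict layout is hypothetical."""
    try:
        v = parse_version(asset["version"])
    except ValueError:
        return "review"                      # unparseable: check by hand
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    if v > parse_version(LAST_AFFECTED):
        return "review"                      # between ranges: advisory is silent
    # Plain HTTP is a prerequisite in the advisory, so those assets also
    # need the HTTPS workaround until the upgrade is done.
    if asset["url"].lower().startswith("http://"):
        return "upgrade+https-now"
    return "upgrade"

# Constructed sample inventory (hosts and layout are made up).
INVENTORY = [
    {"host": "hmi-01.example", "version": "4.7.3 Update 3", "url": "http://hmi-01.example/"},
    {"host": "hmi-02.example", "version": "4.7.2", "url": "https://hmi-02.example/"},
    {"host": "hmi-03.example", "version": "4.8.0", "url": "http://hmi-03.example/"},
    {"host": "hmi-04.example", "version": "4.7.3 Update 4", "url": "http://hmi-04.example/"},
    {"host": "hmi-05.example", "version": "v4-beta", "url": "http://hmi-05.example/"},
]

def triage_all(inventory=INVENTORY):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    for host, verdict in triage_all().items():
        print(f"{host:16} {verdict}")
```

Versions that fall between the last affected and first fixed release are returned as "review" because the advisory does not state their status.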
CVEs (1)