Reliable Controls MACH-ProWebCom/Sys
Plan: Patch
Score: 8.2
Source: ICS-CERT ICSA-19-353-04, Dec 19, 2019
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
MACH-ProWebCom and MACH-ProWebSys controllers contain a cross-site scripting (XSS) vulnerability that allows an attacker to execute commands on behalf of a user. Exploitation requires social engineering to trick a user with web access into clicking a malicious link or opening a crafted attachment. The vulnerability affects all versions of both products prior to firmware revision 8.26.4 and software revision 2.15. Reliable Controls has released patches to resolve this issue.
What this means
What could happen
An attacker could execute commands on the MACH-ProWebCom or MACH-ProWebSys controller on behalf of a tricked user, potentially modifying system configurations, process setpoints, or triggering unintended equipment operations.
Who's at risk
Utilities and industrial facilities using Reliable Controls MACH-ProWebSys or MACH-ProWebCom controllers for process monitoring and control should prioritize patching. This affects organizations that allow operators or engineers web browser access to the controller interface from potentially untrusted networks.
How it could be exploited
An attacker crafts a malicious web link or email attachment and tricks a user with web browser access to the MACH-ProWeb interface into clicking it. The vulnerability (CWE-79, cross-site scripting) allows the attacker's injected code to execute in the user's browser session, enabling command execution with that user's privileges on the controller.
Prerequisites
- User must have web browser access to the MACH-ProWeb interface
- User must click a malicious link or open a crafted attachment
- Social engineering required to deliver the exploit payload
Tags: remotely exploitable; requires user interaction; low complexity attack after initial delivery; affects control system interface
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2), 2 with fix
Product          | Affected Versions                                   | Fix Status
MACH-ProWebSys   | All < 2.15 (firmware versions prior to 8.26.4)      | firmware 8.26.4 or software 2.15
MACH-ProWebCom   | All < 2.15 (firmware versions prior to 8.26.4)      | firmware 8.26.4 or software 2.15
Remediation & Mitigation
Do now
- [WORKAROUND] Do not click unsolicited web links or open unsolicited email attachments from unknown sources
Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
- [HOTFIX] Update MACH-ProWebSys firmware to version 8.26.4 or later
- [HOTFIX] Update MACH-ProWebCom firmware to version 8.26.4 or later
- [HOTFIX] Update MACH-ProWebSys software to revision 2.15 or later
- [HOTFIX] Update MACH-ProWebCom software to revision 2.15 or later
Long-term hardening
- [HARDENING] Train users to recognize phishing and social engineering attempts targeting the MACH-ProWeb interface
CVEs (1)
API: /api/v1/advisories/acfa4a65-228a-430b-9fec-9fefc02bb6b5