Synergy Systems & Solutions HUSKY RTU (Update A)
Act Now · 9.8 · ICS-CERT ICSA-20-042-01 · Feb 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
HUSKY RTU 6049-E70 firmware versions 5.0 and earlier contain multiple vulnerabilities (CWE-287 authentication, CWE-20 input validation, CWE-306 missing authorization, CWE-754 improper error handling, CWE-200 information exposure, CWE-276 incorrect permissions). These allow an attacker to read sensitive information, execute arbitrary code, or cause denial-of-service conditions on the remote terminal unit.
What this means
What could happen
An attacker with network access to the RTU could execute arbitrary commands on the device, alter process setpoints or measurements, disrupt SCADA communications, or extract sensitive configuration and operational data from the RTU without authentication.
Who's at risk
Water utilities and electric utilities that use HUSKY RTU 6049-E70 units for remote telemetry, SCADA communications, and operational monitoring should implement mitigations immediately. RTUs are typically deployed at substations, pump stations, treatment facilities, and remote monitoring points where they relay operational data and receive control commands from the control center.
How it could be exploited
An attacker on the network sends crafted packets to the RTU's IEC-104 protocol port or other exposed service ports. Due to weak authentication and input validation, the attacker bypasses access controls and either extracts data, runs commands to alter RTU behavior, or floods the device to cause it to stop responding to legitimate commands from the control center.
Prerequisites
- Network access to the RTU on its service ports (e.g., IEC-104 protocol port)
- No valid credentials or special access required
- Device must be running firmware version 5.0 or earlier
- remotely exploitable
- no authentication required
- low complexity
- multiple vulnerability types
- affects remote terminal units (telemetry and control)
- end-of-life firmware with no patch available for older versions
Exploitability
Moderate exploit probability (EPSS 3.4%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| HUSKY RTU 6049-E70 with: firmware | ≤ 5.0 | 5.1.2 |
Remediation & Mitigation
Do now
- WORKAROUND: Implement IP whitelisting on the RTU's IEC-104 protocol configuration to allow only trusted control center and engineering workstation addresses to communicate with the device.
- WORKAROUND: Configure strong passwords on the RTU via Husky Studio to restrict unauthorized administrative access.
- WORKAROUND: Block all non-trusted IP addresses at the firewall level from reaching the RTU.
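
To check that the allowlisting and firewall workarounds above are actually holding, the following added example (not part of the advisory or of any vendor tooling) audits firewall flow records for sources outside the trusted set that reach the RTU. The RTU address, trusted ranges, log format and sample lines are constructed assumptions; TCP 2404 is the standard IEC 60870-5-104 port.

```python
"""Audit flow records for untrusted sources reaching the RTU (added example)."""
import ipaddress

IEC104_PORT = 2404  # standard TCP port for IEC 60870-5-104

# Assumed site values (constructed): RTU address and trusted peers.
RTU_ADDRS = {ipaddress.ip_address("10.20.0.15")}
ALLOWLIST = [ipaddress.ip_network(n) for n in (
    "10.10.1.5/32",   # control center front-end
    "10.10.2.0/28",   # engineering workstations
)]

# Constructed flow log, one record per line: timestamp src dst dport proto action
SAMPLE_FLOWS = """\
2020-02-11T08:00:01Z 10.10.1.5 10.20.0.15 2404 tcp allow
2020-02-11T08:00:07Z 10.10.2.9 10.20.0.15 2404 tcp allow
2020-02-11T08:03:12Z 192.168.50.23 10.20.0.15 2404 tcp allow
2020-02-11T08:03:40Z 10.10.2.40 10.20.0.15 2404 tcp deny
2020-02-11T08:04:02Z 192.168.50.23 10.20.0.15 80 tcp allow
garbage line
"""


def audit(flow_text):
    """Return (violations, malformed_line_numbers) for flows to the RTU."""
    violations, malformed = [], []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        try:
            ts, src, dst, dport, proto, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:  # wrong field count, bad address or bad port
            malformed.append(lineno)
            continue
        if dst not in RTU_ADDRS or any(src in net for net in ALLOWLIST):
            continue  # not our RTU, or a trusted peer
        # An allowed flow from an untrusted source is a gap in the firewall rules;
        # a denied one shows the block working but is still worth reviewing.
        severity = "high" if action == "allow" else "info"
        service = "iec104" if (proto, dport) == ("tcp", IEC104_PORT) else "other"
        violations.append((ts, str(src), dport, service, severity))
    return violations, malformed


if __name__ == "__main__":
    found, bad = audit(SAMPLE_FLOWS)
    for record in found:
        print(*record)
    print("malformed lines:", bad)
```
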
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade HUSKY RTU 6049-E70 to firmware version 5.1.2 or higher. Coordinate with Synergy Systems & Solutions before upgrading to assess potential operational impact during the firmware update.
- HARDENING: Establish an SSL/TLS tunnel between the RTU and the control center to encrypt and restrict communications.
Long-term hardening
- HARDENING: Implement network segmentation to isolate the RTU on a dedicated SCADA subnet, separate from corporate networks and the Internet. Restrict firewall rules to allow only necessary ports and protocols.
- HARDENING: Ensure the RTU has no direct Internet connection and prohibit use for web browsing, email, or messaging.