Fazecast jSerialComm
Plan Patch | 7.8 | ICS-CERT ICSA-20-126-01 | May 5, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
jSerialComm versions 2.2.2 and earlier, and EcoStruxure IT Gateway versions 1.5.x through 1.7.x contain a DLL hijacking vulnerability. A malicious DLL file with the same name as a resident library in the installation directory can be executed by the application, allowing arbitrary code execution. No public exploits are currently known, but the vulnerability is exploitable.
What this means
What could happen
An attacker could place a malicious DLL file with the same name as a legitimate library in the software installation directory, allowing arbitrary code execution with the privileges of the application. This could enable an attacker to manipulate industrial control functions or disable critical IT infrastructure.
Who's at risk
Organizations using Fazecast jSerialComm or Schneider Electric EcoStruxure IT Gateway for industrial control system communication or IT infrastructure management should prioritize patching. This affects companies relying on these tools for device communication or energy management systems.
How it could be exploited
An attacker gains write access to the jSerialComm or EcoStruxure IT Gateway installation directory (typically requiring local system access or a compromised account), then places a malicious DLL with the same name as a resident library. When the application loads DLLs, it executes the attacker's malicious code instead of the legitimate library.
Prerequisites
- Local write access to the software installation directory
- Unprivileged user account (PR:L)
- Knowledge of DLL names used by the application
Local privilege escalation required but exploitable by unprivileged users
Low complexity attack
DLL hijacking/DLL preloading vulnerability
Installation directory write access is a common misconfiguration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| jSerialComm | ≤ 2.2.2 | 2.3 or later |
| EcoStruxure IT Gateway | 1.5.x, 1.6.x, 1.7.x | 1.8.1 or later |
Remediation & Mitigation
Do now
HARDENING: Restrict write permissions on software installation directories to prevent unprivileged users from placing files
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update jSerialComm to Version 2.3 or later
HOTFIX: Upgrade EcoStruxure IT Gateway to Version 1.8.1 or later
Long-term hardening
HARDENING: Implement application-level integrity monitoring for DLLs loaded by jSerialComm and EcoStruxure IT Gateway
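One way to implement the DLL integrity monitoring listed under long-term hardening, as an added example (not code from the advisory, Fazecast or Schneider Electric): it records a SHA-256 baseline of every DLL under an installation directory and reports files that were added, modified or removed since. The function names and the directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(install_dir):
    """Map each DLL's relative path to its SHA-256 digest.

    Paths are lower-cased because Windows file names are case-insensitive,
    so 'Extra.DLL' and 'extra.dll' must be treated as the same file.
    """
    root = Path(install_dir)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".dll":
            rel = path.relative_to(root).as_posix().lower()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Return DLLs added, removed or modified relative to the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        # A new DLL in the installation directory is the hijacking signal.
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(n for n in shared if baseline[n] != current[n]),
    }


def demo():
    """Run the check against a constructed installation directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "vendor.dll").write_bytes(b"constructed legitimate library")
        (root / "app.jar").write_bytes(b"not a DLL, ignored")
        # In production, store the baseline where the monitored account
        # cannot write (assumption: off-host or in a protected path).
        baseline = snapshot(root)
        (root / "lib" / "vendor.dll").write_bytes(b"constructed replacement")
        (root / "Extra.DLL").write_bytes(b"constructed unexpected file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Take the baseline immediately after installing a fixed version, and treat any entry under `added` or `modified` outside a planned update as an alert.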
CVEs (1)