Fernhill SCADA
Plan Patch | 7.5 | ICS-CERT ICSA-22-006-02 | Jan 6, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A denial-of-service vulnerability in Fernhill SCADA Server versions 3.77 and earlier allows an unauthenticated remote attacker to cause the server to become unresponsive by sending specially crafted network requests. The vulnerability results from improper handling of network input (CWE-400). Successful exploitation would disrupt the operator's ability to monitor and control connected industrial systems.
What this means
What could happen
A remote attacker could send specially crafted network requests to the SCADA server, causing it to become unresponsive and interrupt monitoring and control of energy infrastructure.
Who's at risk
Energy utilities and operators running Fernhill SCADA servers, including those managing power generation, transmission, and distribution systems that depend on this monitoring and control platform.
How it could be exploited
An attacker with network access to the Fernhill SCADA server would send a specially crafted request that triggers a denial-of-service condition, causing the server to stop responding to legitimate control and monitoring commands.
Prerequisites
- Network access to the Fernhill SCADA Server port (likely port 502 for Modbus, or a proprietary port)
- No authentication required
Remotely exploitable | No authentication required | Low complexity | Affects monitoring and control of critical infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Fernhill SCADA Server | ≤ 3.77 | 3.78
Remediation & Mitigation
Do now
HARDENING: Isolate SCADA server network from the business network using firewalls
HARDENING: Ensure SCADA server is not directly accessible from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade Fernhill SCADA Server to version 3.78 or later
Long-term hardening
HARDENING: If remote access is required, use a VPN and ensure it is kept current with the latest security updates
CVEs (1)