Japanese electrical engineering and software company Yokogawa has patched three stack-based buffer overflow vulnerabilities in several of its products.
According to an advisory published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the bugs affect Yokogawa’s CENTUM series as well as Exaplog, PRM, STARDOM, and others.
“Successful exploitation of these vulnerabilities could result in a denial-of-service condition impacting network communications and allow arbitrary code execution,” the advisory warns.
The Japanese company provides more context on the vulnerabilities in its own security advisory report. It explains that a remote attacker could send a specially crafted packet to the process that executes the control network communication. This could disable the network communication and render the process that uses the communication function unavailable, and it could also allow the attacker to execute arbitrary code.
As noted by The Register, the bugs affect systems that have a Windows interface as well as those with embedded versions, such as the ProSafe human-machine interface.
All three buffer overflows (CVE-2015-5626, CVE-2015-5627, and CVE-2015-5628) have received a 10.0 CVSS v2 base score and can be exploited by an attacker with low technical skills.
Even so, Yokogawa, which has been involved in the development of the Situational Awareness Reference Architecture (SARA), notes that if the affected products are isolated on the network, the likelihood of attackers being able to exploit the vulnerabilities is relatively low.
Additionally, as the communication function affects only the PCN and not the business network, sysadmins and other security personnel can implement the following mitigation measures:
“It is possible to protect the PCN from an attack to this vulnerability from the external network (e.g. business network) by installing a firewall between the external network and the control system, and applying appropriate security settings,” explains Yokogawa. “It is also recommended to manage the network appropriately so that any suspicious devices cannot be connected to the network where the affected products are connected.”
The company has produced patches for the affected products, but not all of them are publicly available yet. Some of the patches can be found here.