Schneider Electric SAGE Remote Terminal Unit Predictable TCP Sequence Numbers Let Remote Users Spoof TCP Connections
|
SecurityTracker Alert ID: 1032730 |
SecurityTracker URL: http://securitytracker.com/id/1032730
|
CVE Reference:
CVE-2015-3963
|
Updated: Aug 4 2015
|
Original Entry Date: Jun 26 2015
|
Impact:
Modification of system information, User access via network
|
Fix Available: Yes
|
Vendor Confirmed: Yes
|
Version(s): C3412, C3413, C3414 CPUs
|
Description:
A vulnerability was reported in Schneider Electric SAGE C3412/C3413/C3414 Remote Terminal Units. A remote user can spoof TCP connections in certain cases.
The system generates predictable TCP initial sequence numbers. A remote user who can conduct a man-in-the-middle attack can monitor sequence numbers and then predict future sequence numbers to spoof TCP connections.
The vulnerability resides in the VxWorks TCP stack component.
RTUs using C3412 and C3413 CPU cards are affected.
RTUs using C3414 CPUs with firmware versions prior to C3414-500-S02J2 are affected.
Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech reported this vulnerability.
|
Impact:
A remote user can spoof TCP connections to gain access to and modify data on the target system.
|
Solution:
The vendor has issued a fix (C3414-500-S02YZ - Secure Firmware version J2).
The vendor's advisory is available at:
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01
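As an added example (not part of this entry or of the vendor's advisory): one way to check whether initial sequence numbers recorded from your own RTU's SYN-ACK segments, for instance before and after the firmware update, are predictable. The advisory does not state what pattern the affected ISNs follow; the previous-delta test, the 65536 window, the 0.5 threshold, the function names and all sample values below are assumptions constructed for illustration.

```python
"""Score how predictable a series of observed TCP initial sequence numbers is."""
import random

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def delta_hit_rate(isns, window=65536):
    """Fraction of ISNs landing within `window` of a previous-delta guess.

    The guess for sample i is isns[i-1] plus the last observed increment,
    i.e. the simplest model an observer of earlier connections could apply.
    """
    if len(isns) < 3:
        raise ValueError("need at least 3 ISN samples")
    hits = 0
    for i in range(2, len(isns)):
        guess = (2 * isns[i - 1] - isns[i - 2]) % MOD
        error = (isns[i] - guess) % MOD
        error = min(error, MOD - error)  # circular distance across wraparound
        if error <= window:
            hits += 1
    return hits / (len(isns) - 2)


def assess(isns, window=65536, threshold=0.5):
    """Return a small report; window and threshold are illustrative choices."""
    rate = delta_hit_rate(isns, window)
    return {"samples": len(isns), "hit_rate": rate, "predictable": rate >= threshold}


def constructed_incrementing_isns(n=50, start=0xFFFF0000, step=64000, jitter=500):
    """Constructed sample: near-constant increment, wrapping past 2**32."""
    rng = random.Random(7)
    out, cur = [], start
    for _ in range(n):
        out.append(cur)
        cur = (cur + step + rng.randint(-jitter, jitter)) % MOD
    return out


def constructed_random_isns(n=50, seed=1):
    """Constructed sample: independent 32-bit values (unpredictable baseline)."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    print("incrementing:", assess(constructed_incrementing_isns()))
    print("random:      ", assess(constructed_random_isns()))
```

A low hit rate only rules out this one simple model; it does not by itself show that the generator is sound.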
|
Vendor URL: www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01
|
Cause:
Randomization error
|
Message History:
None.