Matt Franz over on the SCADA Security blog at Digital Bond posted about a vulnerability in LiveData’s ICCP implementation. From the US-CERT post: “The LiveData implementation of RFC 1006 is vulnerable to a heap-based buffer overflow. By sending a specially crafted packet to a vulnerable LiveData RFC 1006 implementation, a remote attacker may be able to trigger the overflow.” And from the SCADA Security Blog:
To our knowledge, this is the first SCADA security vulnerability that has gone through the disclosure process established by US-CERT (with the assistance of CERT/CC who did the bulk of the time-consuming, tedious vendor coordination work) for control systems vulnerabilities.
This demonstrates that coordination centers (or at least CERT/CC) are capable of handling products and protocols outside their comfort (or experience) zone. They took action. Whether it was the right action might be up for debate, but they did not lose or sit on the bug–which can happen. I know this from personal experience.
CVE Link
US-CERT Posting
SCADA Security Posting