IOActive, a leading global provider of specialist information security services, announced that it has discovered a vulnerability in ProSoft Technology’s RadioLinx ControlScape application.
Primarily used with Rockwell Automation and Schneider Electric solutions, this software is deployed worldwide across several industries including oil and gas, water and wastewater, and electric utilities. The software is used to configure and install radios in a Frequency Hopping (FH) network, as well as monitor the performance of the devices.
Lucas Apa and Carlos Penagos, world authorities on Industrial Control Systems (ICS), discovered the vulnerability in the industrial automation software.
The software from ProSoft Technology generates a random passphrase and sets the encryption level to 128-bit Advanced Encryption Standard (AES) when it creates a new radio network. Because the software uses the local time as the seed when generating passphrases, an attacker could predict the default values built into the software, leaving the system vulnerable to expedited brute-force passphrase/password attacks and other cryptography-based attacks.
According to Lucas Apa, security researcher for IOActive, wireless radios used in Industrial Control Systems use software, like that from ProSoft Technology, to create and manage a new network. When a new network is created, the software calculates a passphrase using a pseudorandom number generator. Since it uses the local time as the seed, the algorithm is made predictable and weak, and vulnerable to expedited brute-force passphrase and other cryptographic-based attacks.
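To make the weakness concrete, here is an added illustration (not ProSoft's code, and not the algorithm the researchers analysed) of a passphrase generator seeded from the wall clock next to a hardened version that draws from the operating system's CSPRNG. The alphabet, passphrase length and the one-week seed window are assumptions for the illustration.

```python
import math
import random
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # assumption: 62-character alphabet
PASSPHRASE_LEN = 16                              # assumption: 16-character passphrase


def weak_passphrase(seed_seconds: int) -> str:
    """Illustrative weak generator: a general-purpose PRNG seeded with a
    wall-clock timestamp in whole seconds. The same seed always yields
    the same passphrase, so the output is only as unpredictable as the
    time at which the network was created."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(PASSPHRASE_LEN))


def weak_passphrase_now() -> str:
    """What a product does when it seeds from the local time (weak)."""
    return weak_passphrase(int(time.time()))


def strong_passphrase() -> str:
    """Hardened generator: no caller-controlled seed, entropy comes from the
    OS CSPRNG via the secrets module, so there is no seed to predict."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PASSPHRASE_LEN))


def weak_entropy_bits(window_seconds: int) -> float:
    """Effective entropy of the weak scheme: if the creation time is known
    to lie within a window of N seconds, only N distinct passphrases are
    possible, i.e. log2(N) bits, regardless of passphrase length."""
    return math.log2(window_seconds)


def nominal_entropy_bits() -> float:
    """Entropy the passphrase format appears to offer: 16 symbols from a
    62-symbol alphabet, about 95 bits, the figure the strong generator
    actually delivers."""
    return PASSPHRASE_LEN * math.log2(len(ALPHABET))


if __name__ == "__main__":
    week = 7 * 24 * 3600  # assumed window: network created some time last week
    print(f"weak  : {weak_passphrase_now()}  (~{weak_entropy_bits(week):.1f} bits)")
    print(f"strong: {strong_passphrase()}  (~{nominal_entropy_bits():.1f} bits)")
```

The gap between the two entropy figures is the whole finding: the weak scheme's keyspace is bounded by the size of the time window an observer can pin down, not by the passphrase length.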
Carlos Penagos, security researcher for IOActive, adds that an attacker who is able to guess the passphrase could communicate with the network the device is connected to, with devastating consequences. For example, if an attacker is able to communicate with devices on the wireless network of a nuclear power plant, he could manipulate the data sent from these devices to industrial processes and cause dangerous consequences by overheating liquids or over-pressurising chemicals, which in turn would result in catastrophic failure.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently published an advisory providing details of the vulnerability. ProSoft Technology has produced a new firmware patch to mitigate this vulnerability. IOActive has also issued its own IOActive Labs Advisory outlining the affected products, the impact and the solution.