
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD

Description

Title: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD
Advisory ID: [ZSL-2022-5698](<ZSL-2022-5698.php>)
Type: Local/Remote
Impact: System Access, DoS, Cross-Site Scripting, Manipulation of Data
Risk: (4/5)
Release Date: 22.02.2022

##### Summary

Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wired communications using Modbus, DF1, SNP, and Ethernet IP protocols along with Ethernet-Serial bridging for Modbus or any other protocol. Each Scadaflex II controller has both analog and digital inputs and outputs, sufficient for pumping stations, irrigation controls, and other similar process monitoring and control applications. They can also serve as communications concentrators and protocol converters that enhance the operation of existing PLCs and process equipment.

##### Description

The SCADA controller is affected by an unauthenticated file write/overwrite and delete vulnerability. This allows an attacker to execute critical file CRUD operations on the device, which can potentially allow system access and impact availability.

##### Vendor

Industrial Control Links, Inc. - <http://www.iclinks.com>

##### Affected Version

SW: 1.03.07 (build 317), WebLib: 1.24
SW: 1.02.20 (build 286), WebLib: 1.24
SW: 1.02.15 (build 286), WebLib: 1.22
SW: 1.02.01 (build 229), WebLib: 1.16
SW: 1.01.14 (build 172), WebLib: 1.14
SW: 1.01.01 (build 2149), WebLib: 1.13

##### Tested On

SCADA HTTP Server

##### Vendor Status

[06.11.2021] Vulnerability discovered.
[16.01.2022] Vendor contacted.
[21.02.2022] No response from the vendor.
[22.02.2022] Public security advisory released.

##### PoC

[sflex.py](<../../codes/sflex.txt>)

##### Credits

Vulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>

##### References

[1] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25359>
[2] <https://nvd.nist.gov/vuln/detail/CVE-2022-25359>
[3] <https://packetstormsecurity.com/files/166103>
[4] <https://cxsecurity.com/issue/WLB-2022020117>
[5] <https://exchange.xforce.ibmcloud.com/vulnerabilities/220156>
[6] <https://vulners.com/zeroscience/ZSL-2022-5698>
[7] <https://www.exploit-db.com/exploits/50783>
[8] <https://www.cisa.gov/uscert/ncas/bulletins/sb22-059>

##### Changelog

[22.02.2022] - Initial release
[23.02.2022] - Added reference [5], [6] and [7]
[05.03.2022] - Added reference [8]

##### Contact

Zero Science Lab
Web: <https://www.zeroscience.mk>
e-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)

