Fuji Code Execution Vulnerability Puts Industrial Equipment at Security Risk

The FBI has warned of multiple high-severity arbitrary code execution vulnerabilities in Fuji Electric’s industrial control system (ICS) software. Authorities warn that exploitation could lead to physical attacks on factories as well as critical infrastructure.

Both Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite are affected, and both carry a CVSS severity rating of 7.8. Together the two products form a comprehensive human-machine interface (HMI) system used mainly for remote monitoring, real-time collection of production data, and control of key industrial infrastructure equipment. It can interface with programmable logic controllers (PLCs), temperature controllers, frequency converters and other devices from various manufacturers.

“By exploiting these vulnerabilities, an attacker could execute arbitrary code with the permissions of the application,” CISA explained.

According to a warning issued this week by the Cybersecurity and Infrastructure Security Agency (CISA), the security flaws require “high conditions for exploitation.” They cannot be exploited remotely, so an attacker who is not already local must first gain access to a user’s computer before mounting an attack. However, Gurucul CEO Saryu Nayyar told Threatpost that this condition is not difficult to achieve.

“The most likely way to attack is to compromise a user’s desktop through a mainstream, common method, or otherwise gain access to the platform affected by the vulnerability, and then a malicious attacker uploads a malicious file to the system,” she said. “The file would exploit the vulnerability, allowing an attacker to compromise the server.”

Real attack scenarios

While the ideal way to run production in an industrial environment is to keep physical equipment in an isolated operational technology (OT) environment, more and more platforms, such as Tellus Lite V-Simulator and V-Server Lite, connect IT resources to these previously isolated environments. That connectivity in turn exposes the ICS to potential physical attacks.

Christian Espinosa, general manager of Cerberus Sentinel, explained to Threatpost: “One of the biggest challenges for ICS and SCADA systems is that they are no longer running on isolated networks, and although usually the ‘firewall’ is off, they are basically connected to the Internet. This greatly increases the risk of hackers exploiting vulnerabilities.”

In this environment, Nayyar said, the worst-case scenario is for an attacker to execute a file that could damage a large amount of manufacturing equipment on a production line. But, she said, “the more likely scenario is that industrial production slows down and the production line loses a lot of valuable data”.

According to Espinosa, exploitation could also serve several other purposes.

“An attacker could change the data displayed on the HMI monitoring system so that the supervisor of the monitoring system would not be aware of the hacker’s attack on a remote device,” he explained. He drew an analogy: the situation is like attacking a camera’s video feed so that criminals can act without security personnel noticing.

“Alternatively, they could create an anomalous message on the monitor display, which then prompts an emergency response from the equipment,” he added, noting that it is akin to triggering a fire alarm that would have the person monitoring the system turn on the sprinklers to put out the fire, destroying equipment in the process.

He said: “Stuxnet actually exploited a similar vulnerability. A vulnerability in Stuxnet was used to make the data on the HMI appear to have no abnormality, so that the centrifuge did not alert the operator that it was spinning at an extremely high speed, which would eventually cause the centrifuge to rupture.”

Specific vulnerabilities of Fuji Electric

Five different security flaws exist in the affected versions of Fuji Electric Tellus Lite V-Simulator and V-Server Lite. All are triggered when the application processes a project file, so an attacker can craft a special project file to achieve arbitrary code execution.

These vulnerabilities include:

Multiple stack-based buffer overflow vulnerabilities collectively referred to as CVE-2021-22637.

Multiple out-of-bounds read vulnerabilities, collectively referred to as CVE-2021-22655.

Multiple out-of-bounds write vulnerabilities, collectively referred to as CVE-2021-22653.

An uninitialized pointer vulnerability (CVE-2021-22639).

A heap-based buffer overflow vulnerability (CVE-2021-22641).
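All five flaws are memory-safety defects in how the software parses project-file records. The following added example (not Fuji Electric’s code, and using a constructed record layout rather than the real Tellus/V-Server format) contrasts the vulnerable length-handling pattern behind stack-based overflows and out-of-bounds reads with the hardened parser a defender would expect, exercised on constructed sample records.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed record layout for this example (not Fuji's real format):
 * byte 0 = record type, bytes 1-2 = little-endian payload length, then payload. */
#define MAX_NAME 32

/* Vulnerable pattern: the copy size comes straight from the file. A length above
 * MAX_NAME overruns the stack buffer (stack-based overflow); a length above the
 * bytes actually present reads past the input (out-of-bounds read). For contrast only. */
int parse_name_unsafe(const uint8_t *rec, size_t rec_len, char *out) {
    char name[MAX_NAME];
    if (rec_len < 3) return -1;
    uint16_t n = (uint16_t)(rec[1] | (rec[2] << 8));
    memcpy(name, rec + 3, n);     /* n is never checked against MAX_NAME or rec_len */
    name[n] = '\0';
    strcpy(out, name);
    return (int)n;
}

/* Hardened pattern: every length read from the file is checked against both the
 * destination capacity and the bytes actually present before any copy happens. */
int parse_name_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_sz) {
    if (rec == NULL || out == NULL || rec_len < 3 || out_sz == 0) return -1;
    uint16_t n = (uint16_t)(rec[1] | (rec[2] << 8));
    if ((size_t)n >= out_sz) return -1;       /* must leave room for the terminator */
    if ((size_t)n > rec_len - 3) return -1;   /* payload must lie inside the record */
    memcpy(out, rec + 3, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample records: one well-formed, two with hostile length fields. */
int demo_well_formed(void) {
    const uint8_t rec[] = { 0x01, 0x05, 0x00, 'P', 'U', 'M', 'P', '1' };
    char name[MAX_NAME];
    int n = parse_name_safe(rec, sizeof rec, name, sizeof name);
    return (n == 5 && strcmp(name, "PUMP1") == 0) ? n : -1;   /* 5 on success */
}
int demo_oversized_length(void) {   /* claims 65535 bytes: would smash the stack */
    const uint8_t rec[] = { 0x01, 0xFF, 0xFF, 'A', 'B', 'C' };
    char name[MAX_NAME];
    return parse_name_safe(rec, sizeof rec, name, sizeof name);  /* -1: rejected */
}
int demo_truncated_payload(void) {  /* claims 16 bytes but only 2 follow */
    const uint8_t rec[] = { 0x01, 0x10, 0x00, 'A', 'B' };
    char name[MAX_NAME];
    return parse_name_safe(rec, sizeof rec, name, sizeof name);  /* -1: rejected */
}
```

The same two checks (destination capacity and remaining input) apply to every length or offset field a project-file parser reads, which is why CISA’s patch-first advice matters: each unchecked field is a separate entry in the CVE list above.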

The platform was vulnerable in versions prior to v4.0.10.0. So far, there are no publicly available tools specifically targeting these vulnerabilities, but administrators should install patches soon, CISA said.

Nayyar said: “This attack is a platform-specific vulnerability, and a patch has now been developed. This is the first step in preventing an attack, and in a more general sense, it is always best to keep a system up-to-date with patches and security measures. Manufacturing equipment should operate in an industrial environment as isolated as possible to reduce the possibility of exposure to the outside world; and control systems need to strengthen network security protection measures through security policies, processes and technologies to reduce the risk of unauthorized access.”

Kimiya, Tran Van Khang of VinCSS, and an anonymous researcher reported the vulnerabilities to CISA through a partnership with Trend Micro’s Zero-Day Program.
