If you’ve been looking for my slides from the SCADA Summit that included information on the GE Fanuc iFIX vulnerabilities that I discovered and reported, then you’re still out of luck, but this is just as good, really.  If you’re an end-user of iFIX, or a penetration tester/red-team member testing installations of iFIX products, this is really all the info you need:

It’s a pretty good prose description of the vulnerabilities, in more detail than I was expecting from them.  Boiling it down to a couple of bullet points, these vulnerabilities encompass the following issues (trying not to put it in more detail than their write-up):

  • Password storage is done in an easily reversible manner
  • “Network” authentication involves passing the file over Windows shares without additional encryption/protection
  • Authentication of users can be bypassed, as iFIX’s security measures for managing users’ access run in the context of the currently-logged-in Windows user that is running the iFIX system.
  • Features that prevent operators from exiting the HMI screen can be bypassed with an auto-run capable USB drive (such as U3).

There are some excellent suggestions for end-users that would allow them to mitigate the impact of these vulnerabilities until they are fixed in a future release of iFIX.  There’s good advice in there, even if you’re running something other than iFIX for your HMI.

Enjoy!

Edit: Quick edit for clarity.

  2 Responses to “GE Fanuc releases info on iFIX vulnerabilities VU# 310355”

  1. [...] contact Wesley McGrew: | email – wesley@mcgrewsecurity.com | gpg key | aim – wesleymcgrew | twitter – mcgrewsecurity | McGrew Security Blog « GE Fanuc releases info on iFIX vulnerabilities VU# 310355 [...]

  2. [...] Wesley McGrew has published information on the GE iFix vuln and fix. [...]

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

   
© 2012 McGrew Security Suffusion theme by Sayontan Sinha