May 18th, 2012
Straight from the Overview in the linked document:
Invensys is aware that a denial of service type vulnerability, including exploit code, has been posted on the web against the Wonderware SuiteLink service, which is a common component of the System Platform and used to transport value, time and quality of digital I/O information and extensive diagnostics with high throughput between industrial devices, 3rd party and Wonderware products.
Invensys has confirmed the vulnerability exists for Wonderware products prior to the latest 2012 release and has identified mitigations for other products and prior versions. Please see the affected product list below.
The 54.0.0.0 and older versions of the SLSSVC Service can be crashed remotely due to a long and unallocatable Unicode string when calling the internal _Grow() function. Version 58.0.0.0 and higher is not susceptible to this vulnerability. The SuiteLink version shipped with InTouch 2012 and WAS 2012 is not vulnerable to a crash but will show excessive resource consumption if exploited.
Invensys is preparing a Security Update that mitigates the identified denial of service vulnerability and can be installed on all supported versions of Wonderware products that use the SuiteLink service. Since this is a common component, Wonderware recommends the installation of this security update on all Wonderware product nodes that use SuiteLink communication.
To get all the details, follow the link below.
https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000038.pdf
Or, if you are sufficiently paranoid and don’t trust clicking on arbitrary links (good for you), this is the top item on the list when you log in to WDN.
- Andy
Archestra, Security, System Platform
Posted by Andy Robinson
February 22nd, 2012
Like many others I’ve been following the salacious developments around Cyber Security and our dear SCADA systems. If you’re involved with any kind of SCADA, chances are you have some kind of somewhat valuable target that an outside entity might be interested in either destroying or just messing with. Maybe it’s nothing more than a building management system controlling the HVAC. If nothing else they could crank the temperature way up or way down to make people really uncomfortable. Yes, no harm no foul, but I wouldn’t want to explain to my boss how someone hacked in and took control of the environment.
So that got me to thinking. Why, fundamentally, do most environments really suck at being secure? Is it for lack of desire to be secure or lack of capabilities? I’ve certainly been in a number of places where the operators “won” and the HMI either had no password or it was posted on a sticky note. I guess you could say the sticky note method is somewhat “cyber secure”, but terrible nonetheless. Chances are that password hasn’t been changed in 5 years so it’s really pretty worthless. Say we get past the desire to be secure and we’ve handed out passwords to the operators and engineers who work on the system. The next step is the capability of securing the environment.
Security
Posted by Andy Robinson
February 6th, 2012
I had a recent issue with a customer where their InSQL instance just stopped recording data to disk. It was reading the data coming in just fine, it just wasn’t getting to disk. I go through the basics but can’t quite get it to come back. Place a call to tech support. Turns out the customer is running InSQL 9.0 Patch 01. My friendly tech support person quickly informed me that my customer was way out of support.
She said she’d be willing to help just a little bit but she couldn’t really do much until I was at least at Patch 02. Realistically, she said, I needed to be on Version 10 to give me a fighting chance to get adequate support. Well, this customer is in an FDA regulated environment so upgrade means months and $$$.
Archestra, Security, Support
Posted by Andy Robinson
March 28th, 2011
In the interest of fairness I promised I would post back once our issues with CoreTrace were resolved. Turns out the performance issues were related to a multicast address that didn’t play well with our network design. The customer had a resource from CoreTrace in, fixed up the issue, and now the performance is what you would expect. Now we’re looking forward to seeing how we actually integrate this software into our System Platform environment.
Security, System Platform
Posted by Andy Robinson
February 23rd, 2011
One of my customers came across the CoreTrace Bouncer product for securing your servers. Put simply, it works by allowing only specific EXEs and DLLs to run if they have been configured as valid. This is 180 degrees from blacklisting systems like Anti-Virus, which only stop activities if the attacker is on a list of known bad actors. Seems like a great technology, especially on systems where once you get it configured you typically leave it alone. We’re working on getting it up and running but it’s been a bit painful. They deliver the app via an OVA package that you are supposed to just import and run. Well, a little work in Ubuntu and Webmin later we’re finally running. I’ll have to say that so far I’m a little skeptical, at least as far as the UI goes. Supposedly the fact that I don’t have a gateway is causing all kinds of problems. Well, I operate my system in an ultra secure fashion, not connecting to external systems. Obviously I’m not going to have a gateway. They’ve also chosen to use Silverlight for the UI. That’s pretty and fancy but how comfortable are you that all the security bugs have been worked out of the technology?
Anyway, I suspect that once we’re all up and running the technology itself will work great, just getting a little frustrated with the process getting there. I’ll post an update after we rebuild things this afternoon with the service guy to see how it goes.
- Andy
General, Security
Posted by Andy Robinson
October 29th, 2010
IAS is as flexible as or more flexible than any other platform out on the market in terms of the breadth of programming possibilities. The concept of inheritance makes it possible to make changes at a template level and all of its children (templates & instances) will be changed too. Equally as powerful is IAS’s inclusion of .NET in their QuickScript language.
Leveraging .NET
Posted by David Goodman
October 25th, 2010
I had fully intended to write up daily summaries from Ops Manage but I’m not quite that industrious. So instead here are some quick bits I picked up along the way.
Ops Manage
Posted by Andy Robinson