09 октября 2020
KLCERT-20-015: Remote Code Execution in ARC Informatique PcVue
Vendor
ARC Informatique
-
CVE-IDS
-
KLCERT
KLCERT-20-015
Timeline
Timeline
-
Kaspersky ICS CERT advisory updated
15 ноября 2023
-
Kaspersky ICS CERT advisory published
09 октября 2020
Description
CVSS v3
Exploitability
Remotely exploitable, network access to port 8090/TCP is required
Attack complexity
User interaction
Impact
Existence of exploit
PoC
Affected products
- ARC Informatique PcVue 8.10.0 (including) through 11.2.06100 (excluding)
- ARC Informatique PcVue 12.0.0 (including) through 12.0.23 (excluding)
- ARC Informatique PcVue 15.0.0 (including) through 15.1.2 (excluding)
Mitigation
Vendor mitigation
Update ARC Informatique PcVue software to v11.2.06100 / v12.0.23 / v15.1.2 or newer.
The Property Server is part of the Web & Mobile extensions of PcVue. If your system does not requires the use of the Web & Mobile features, you should make sure not to install them. In all cases, Web & Mobile extensions should only be installed on the PcVue Web back end server.
Kaspersky ICS CERT mitigation
- Set up the border firewall (or a similar network traffic control solution) to allow only authorized parties to send traffic to port 8090/TCP of the system.
- Use virtual private networks (VPN) to secure remote access to the industrial network. A VPN encrypts network traffic between VPN clients and the VPN server, as well as providing secure authorized access to local resources on the company’s internal network. Traffic encryption protects against traffic eavesdropping attacks, including man-in-the-middle (MITM) and other types of traffic analysis attacks.
- Compartmentalize your network: implement network segmentation and strict access control for each segment to provide more comprehensive and effective protection against a wide range of threats. Proper network segmentation prevents attackers from reaching critical assets in the event of a network breach.
- Implement a network intrusion detection system (NIDS). A comprehensive intrusion detection system is capable of detecting unusual network connections and abnormal traffic sent to the device, providing timely information about various suspicious activities and sufficiently reducing the attacker’s chances of successful exploitation.
Kaspersky Lab publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky Lab does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
Timeline
-
Kaspersky ICS CERT advisory updated
15 ноября 2023
-
Kaspersky ICS CERT advisory published
09 октября 2020