CERT Warns Companies About the “Unupgradeable” ESC 8832 SCADA System


May 30, 2016

ICS-CERT published an advisory last week warning companies to protect their ICS/SCADA systems if they use the Environmental Systems Corporation (ESC) 8832 Data Controller in their network.

The ESC 8832 is a management system that sits between the PLCs (programmable logic controllers) and a company’s servers, complete with a Web-based administration panel that lets employees modify PLC input/output settings without having to perform this task manually or via other computer programs.

This equipment is regularly found in the energy sector, especially in the oil and gas field, where it helps calibrate and switch gas solenoids and other ICS/SCADA equipment.

There’s no room to make firmware updates

ICS-CERT, based on the work of security researcher Maxim Rupp, is now alerting companies not to use this component anymore because of two security issues. The problem that ICS-CERT highlights is that the component doesn’t have enough memory space to install firmware updates.

The gravity of the two vulnerabilities Rupp discovered exacerbates this situation.
