ICSA-20-042-01  ·  Published 2020-04-07

Synergy Systems & Solutions HUSKY RTU (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

Remediations

  • Upgrade to firmware Version 5.1.2 or higher. Consult with SSS for possible issues during upgrade, prior to implementing this recommendation.
  • Implement network segmentation and firewall policies to reduce exposure of the RTU to uncontrolled and unprotected access.
  • Follow recommended security practices and configure firewalls to help protect an industrial control network from attacks that originate from outside the network. Such practices include ensuring that protection, control, and automation systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and other practices to be evaluated case by case.
  • Do not allow the use of protection, control, and automation systems for Internet surfing, instant messaging, or receiving e-mails.
  • Block all nontrusted IP communications.
  • Configure trusted IP address access (IP whitelisting) in the RTU configuration for IEC-104 protocol to restrict hosts that can access the RTU.
  • Implement passwords in the RTU to restrict access to the RTU, via Husky Studio.
  • If possible, set up an SSL tunnel between the RTU and control center to restrict access to the RTU.
  • For more information, see the associated SSS security bulletin.

Affected Vendors

Synergy Systems & Solutions (SSS)

Affected Products (1)

Synergy Systems & Solutions (SSS) · HUSKY RTU 6049-E70, versions <= 5.0

Affected Sectors

Energy, Transportation Systems
