Saia Burgess Controls PCD Controllers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-9628)

medium Tenable OT Security Plugin ID 500391

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Saia Burgess Controls strongly recommends that users update to the latest versions of firmware, Version 1.28.16 or 1.24.69.

The security upgrade section of the Saia Burgess Controls web page links to the latest versions and offers security tips and upgrade information:

https://www.sbc-support.com/en/product-category/communication-protocols/pcd-on-internet/upgrade-it-security/

Please see the latest update information for this product at the following web site:

https://www.sbc-support.com/en/product-index/

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05

http://www.securityfocus.com/bid/100949

Plugin Details

Severity: Medium

ID: 500391

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-9628

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:saia_burgess_controls:pcd_controllers_firmware

Required KB Items: Tenable.ot/Saia

Exploit Ease: No known exploits are available

Patch Publication Date: 10/5/2017

Vulnerability Publication Date: 10/5/2017

Reference Information

CVE: CVE-2017-9628

CWE: 200

ICSA: 17-234-05