Newport XPS-Cx, XPS-Qx
ICSA： ICS Advisory (ICSA-17-178-01)
CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit.
Equipment: XPS-Cx, XPS-Qx
Vulnerability: Improper Authentication
The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected:
- XPS-Cx all versions, and
- XPS-Qx all versions.
Successful exploitation of this vulnerability may allow an attacker to view and edit settings without authenticating by accessing a specific uniform resource locator (URL).
Newport reports that this issue will be addressed in the next generation XPS-Dx controller.
NCCIC/ICS-CERT and Newport recommend that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
- Not connect control components and control networks to an open network such as the Internet or an office network. Newport recommends putting control components and control networks behind a firewall.
- Limit physical and electronic access to all automation components to authorized personnel only.
- Change the default passwords before first use. This will reduce the risk of unauthorized access to systems.
- Regularly change passwords. This will reduce the risk of unauthorized access to systems.
- If remote access to control components and control networks is required, use a Virtual Private Network (VPN).
- Regularly perform threat analyses. Check whether the measures taken meet company security requirements.
- Use “defense-in-depth” mechanisms in the system’s security configuration to restrict the access to and control of individual products and networks.
- Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls and isolate them from the business network.
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.
An attacker may bypass authentication by accessing a specific uniform resource locator (URL).
Maxim Rupp identified the vulnerability.
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States