Improper Ownership Management in Emerson OpenEnterprise SCADA versions before 3.3.4.
# Vulnerability: Improper Ownership Management in Emerson OpenEnterprise SCADA
## CVE Details
- **CVE ID:** CVE-2020-10632
- **CVSS Score:** 8.8 (High) - *Note: While the source text contains a typo of "0.0", the provided CVSS vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) calculates to 8.8.*
- **CWE:** CWE-282 (Improper Ownership Management) / CWE-276 (Incorrect Default Permissions)
## Affected Systems
- **Products:** Emerson OpenEnterprise SCADA
- **Versions:** All versions prior to 3.3.4
- **Configurations:** Systems where default folder security permissions have not been manually hardened.
## Vulnerability Description
The vulnerability stems from inadequate folder security permissions within the OpenEnterprise installation directory. Because the application does not properly manage ownership or restrict access to critical directories, a local user with low privileges can modify essential configuration files. This type of flaw is common in ICS environments where legacy installers may grant broad permissions to the "Users" or "Everyone" groups.
## Exploitation
- **Status:** PoC available
- **Complexity:** Low
- **Attack Vector:** Local (Requires local access to the SCADA workstation)
## Impact
- **Confidentiality:** High (Potential to read sensitive configuration data or credentials)
- **Integrity:** High (Unauthorized modification of system configuration and logic)
- **Availability:** High (Ability to cause system failure or unpredictable behavior, resulting in a denial of service)
## Remediation
### Patches
- **Upgrade to OpenEnterprise 3.3.5 (OpenEnterprise 3.3 Service Pack 5):** The vendor recommends upgrading all computers with OpenEnterprise installations to this version or later.
### Workarounds
- **Manual Permission Hardening:** Review and restrict NTFS permissions on the OpenEnterprise installation folders. Ensure that only authorized service accounts and administrators have write access to configuration files.
- **Principle of Least Privilege:** Ensure that users operating SCADA workstations do not have administrative rights or unnecessary access to application root directories.
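
One way to carry out the permission review described in the workarounds above, as an added example (not code from Emerson or from the advisory): a PowerShell script that lists access control entries granting write-type rights to Everyone, Authenticated Users or BUILTIN\Users anywhere under the install folder. The `$InstallRoot` default is a placeholder because the page does not give the install path, and the function name `Get-BroadWriteAce` is hypothetical.

```powershell
param(
    # Assumption: placeholder path; set it to the real OpenEnterprise install folder.
    [string]$InstallRoot = 'C:\<OpenEnterprise-install-folder>'
)

# Well-known SIDs of broad principals (SIDs are locale-independent, names are not).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Specific rights that allow changing content, permissions or ownership.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits that Get-Acl can show as raw numbers: GENERIC_WRITE and GENERIC_ALL.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity cannot be mapped to a SID: skip it
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Path
                Owner     = $acl.Owner
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # False = set explicitly on this object
            }
        }
    }
}

# Check the root folder itself, then every file and subfolder beneath it.
$targets = @(Get-Item -LiteralPath $InstallRoot) +
           @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force)
$findings = $targets | ForEach-Object { Get-BroadWriteAce -Path $_.FullName }
$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so `Get-Acl` can read every object. Entries with `Inherited` set to `False` mark where a broad grant was applied directly and are the first places to tighten.
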
## Detection
- **Indicators of Compromise:** Unauthorized changes to configuration files; unexpected system crashes; creation of unusual files in the application directory.
- **Detection methods and tools:** File Integrity Monitoring (FIM) can be used to track and alert on changes to critical SCADA configuration files. Review Windows Security Logs for event IDs related to file permission changes.
## References
- **Vendor Advisory (Emerson):** https://www.emerson.com/en-us/support
- **Kaspersky ICS CERT:** https://ics-cert.kaspersky.com/advisories/2020/05/20/klcert-20-010-improper-ownership-management-in-emerson-openenterprise-scada-before-3-3-4/
- **NVD entry:** https://nvd.nist.gov/vuln/detail/CVE-2020-10632