SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-294378829] Tollgrade Smart Grid EMS LightHouse Vulnerabilities

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2016-07-12OTHERLightHouseAshish KambleN/A2016-5790, 2016-5797, 2016-5807N/AN/AN/A

Source

						
							
								
#
# Tollgrade Smart Grid EMS LightHouse Vulnerabilities
#


### OVERVIEW

Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.'s Smart Grid LightHouse Sensor Management System (SMS) Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate that it resolves these vulnerabilities.

These vulnerabilities could be exploited remotely.




### AFFECTED PRODUCTS

Tollgrade Communications, Inc. reports that the vulnerabilities affect the following versions of LightHouse SMS Software:

LightHouse SMS, versions prior to Version 5.1, Patch 3






### IMPACT

An attacker who exploits these vulnerabilities may be able to restart the system, brute force a login, or change privileged parameters.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.






### BACKGROUND

Tollgrade Communications, Inc. is a United States-based company that maintains offices in the United Kingdom and Germany.

The affected product, LightHouse SMS Software, is a web-based distribution monitoring system. According to Tollgrade Communications Inc., LightHouse SMS Software is deployed across the Energy sector. Tollgrade estimates that this product is used primarily in North America, Europe, and South America.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

MISSING AUTHENTICATION FOR CRITICAL FUNCTION

An attacker can restart the LightHouse SMS Software without authentication.
CVE-2016-5790 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).



INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE

The content of error messages facilitates a brute force authentication attack.
CVE-2016-5797 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).



FORCED BROWSING

A low privileged user can access and modify parameters that only an administrator should be able to access.
CVE-2016-5807 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).







### VULNERABILITY DETAILS


# EXPLOITABILITY

These vulnerabilities could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target these vulnerabilities.


# DIFFICULTY

An attacker with a low skill would be able to exploit these vulnerabilities.





### MITIGATION

Tollgrade Communications Inc. released updated software, Version 5.1, Patch 3, which resolves these vulnerabilities. Users should contact Tollgrade Communications Inc. for support at the numbers below.

Tollgrade Communications, Inc.
Toll Free: 1 800-777-5405
Phone: 1 724-720-1480

Updated software may be found on its support site at:

http://customersupport.tollgrade.com