Phantom DLL Vulnerability (CVE-2023-6061) in Iconics Suite: impact, affected systems, and mitigation steps. Published: 2023-12-07
This CVE record highlights a vulnerability in the SCADA software Iconics Suite, known as Phantom DLL Vulnerability, with the CVE ID of CVE-2023-6061. The vulnerability was discovered by Asher Davila and Malav Vyas of Palo Alto Networks.
Understanding CVE-2023-6061
The Phantom DLL Vulnerability in the Iconics Suite exposes multiple components to a security risk due to improper handling of dynamic link libraries (DLLs). This flaw could potentially allow attackers to execute malicious code by manipulating DLLs with similar names in accessible paths.
What is CVE-2023-6061?
CVE-2023-6061 involves multiple components within the Iconics SCADA Suite, including MMXFax.exe, MelSim2ComProc.exe, and MMXCall_in.exe. These components are susceptible to a Phantom DLL loading vulnerability in which DLLs may be loaded improperly, leading to potential code execution by threat actors.
The Impact of CVE-2023-6061
This vulnerability, classified under CAPEC-641 (DLL Side-Loading), has a high impact on confidentiality and integrity and no impact on system availability. An attacker with low privileges can exploit the flaw locally, and exploitation requires user interaction.
Technical Details of CVE-2023-6061
The vulnerability is categorized under two problem types: CWE-427 (Uncontrolled Search Path Element) and CWE-426 (Untrusted Search Path). It has a CVSSv3.1 base score of 6.6, a medium-severity rating, with low attack complexity and low privileges required.
Vulnerability Description
The vulnerability arises from improper searching and loading of dynamic link libraries by the affected components, potentially enabling malicious code execution through DLLs with matching names in accessible paths.
Affected Systems and Versions
The affected platform for this vulnerability is Windows, specifically impacting the SCADA software Iconics Suite version 10.97.2 and potentially other versions.
Exploitation Mechanism
Attackers can exploit the Phantom DLL loading vulnerability by placing malicious DLLs with matching names in locations where the vulnerable components will load them, thereby executing unauthorized code.
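The condition described above can be checked for defensively. The following is an added example, not code from the advisory or from Iconics: it walks an ordered list of search directories for each DLL name and reports names that resolve nowhere (phantom) together with any low-privilege-writable directory probed before the name resolves. The DLL names and directory layout are constructed, and `is_writable` is a hypothetical callback standing in for a real ACL check; the caller supplies the search order that applies to the process being audited.

```python
import os
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Finding:
    dll: str
    resolved_in: Optional[str] = None  # first directory holding the DLL; None = phantom
    writable_before: List[str] = field(default_factory=list)  # writable dirs probed first

def _contains(directory: str, dll: str) -> bool:
    """Case-insensitive lookup, matching Windows file-name semantics."""
    try:
        return dll.lower() in (name.lower() for name in os.listdir(directory))
    except OSError:  # missing or unreadable directory: nothing resolves here
        return False

def audit_search_path(dll_names, search_dirs, is_writable) -> List[Finding]:
    """Walk search_dirs in order per DLL; record writable dirs probed before a hit."""
    findings = []
    for dll in dll_names:
        finding = Finding(dll)
        for directory in search_dirs:
            if _contains(directory, dll):
                finding.resolved_in = directory
                break
            if is_writable(directory):  # hypothetical hook, e.g. an ACL check
                finding.writable_before.append(directory)
        findings.append(finding)
    return findings

def demo() -> List[Finding]:
    """Constructed layout: application dir, a user-writable dir, then a system dir."""
    root = tempfile.mkdtemp()
    app, shared, system = (os.path.join(root, n) for n in ("app", "shared", "system"))
    for d in (app, shared, system):
        os.mkdir(d)
    open(os.path.join(app, "Present.dll"), "w").close()
    open(os.path.join(system, "Late.dll"), "w").close()
    names = ["present.dll", "late.dll", "missing-placeholder.dll"]  # constructed names
    return audit_search_path(names, [app, shared, system], lambda d: d == shared)

if __name__ == "__main__":
    for f in demo():
        status = "AT RISK" if f.writable_before else "ok"
        print(f.dll, f.resolved_in or "PHANTOM (not found)", status)
```

A finding with a non-empty `writable_before` list points at directories whose permissions should be tightened or that should be removed from the search path.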
Mitigation and Prevention
To address CVE-2023-6061, follow these mitigation strategies to enhance the security of systems using the affected Iconics Suite:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
ICONICS should release patches or updates addressing the Phantom DLL vulnerability promptly. Ensure that all systems running the vulnerable software are updated to the latest secure versions to mitigate the risk of exploitation.