-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability
17 June 2015
AusCERT Security Bulletin Summary
Product: RLE Nova-Wind Turbine HMI
Operating System: Network Appliance
Impact/Access: Administrator Compromise -- Remote/Unauthenticated
CVE Names: CVE-2015-3951
Revision History: June 17 2015: Revised as alert and summary added
June 17 2015: Updated impact and vulnerability overview
June 15 2015: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability (Update A)
Original release date: June 11, 2015 | Last revised: June 15, 2015
All information products included in http://ics-cert.us-cert.gov are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For
more information about TLP, see http://www.us-cert.gov/tlp/.
This updated advisory is a follow-up to the original advisory titled
ICSA-15-162-01 RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability
that was published June 11, 2015, on the NCCIC/ICS-CERT web site.
Independent researcher Maxim Rupp has identified an unsecure credential
vulnerability in the RLE International GmbH Nova-Wind Turbine HMI. RLE has
been unresponsive in validating or addressing the alleged vulnerability.
ICS-CERT is releasing this advisory to warn and protect critical asset owners
of this serious issue.
This vulnerability could be exploited remotely.
The following RLE International GmbH product is affected:
Nova-Wind Turbine HMI
- --------- Begin Update A Part 1 of 2 --------
Plain text credentials can be used to gain unauthorized access to the device.
This means that a malicious party could perform any action on the device
including change or modify configurations and settings.
- --------- End Update A Part 1 of 2 ----------
Impact to individual organizations depends on many factors that are unique to
each organization. ICS-CERT recommends that organizations evaluate the impact
of this vulnerability based on their operational environment, architecture,
and product implementation
RLE International GmbH is a Germany-based company that maintains offices in
several countries around the world, including the US, UK, Sweden, and India.
The affected product, Nova-Wind Turbine HMI, is a human-machine interface
(HMI) for a wind turbine. This product is used in the Energy Sector.
- --------- Begin Update A Part 2 of 2 --------
PLAINTEXT STORAGE OF A PASSWORD[a]
The Nova-Wind Turbine HMI stores credentials in a plaintext file. If a
malicious user recovers this file, then they could use the credentials to
authenticate with the HMI and make changes to the configuration.
- --------- End Update A Part 2 of 2 ----------
CVE-2015-3951[b] has been assigned to this vulnerability. A CVSS v2 base score
of 10.0 has been assigned; the CVSS vector string is
This vulnerability could be exploited remotely.
EXISTENCE OF EXPLOIT
No known public exploits specifically target this vulnerability.
An attacker with a low skill would be able to exploit this vulnerability.
ICS-CERT has attempted on multiple occasions to contact the vendor regarding
this serious flaw and have according to our vulnerability disclosure policy
now produced this advisory. Insecure credential vulnerabilities create a
serious risk to asset owners. ICS-CERT strongly recommends ensuring that the
impacted product is not connected to the Internet or any network as this
vulnerability is remotely exploitable.
a. CWE-256: Plaintext Storage of a Password,
http://cwe.mitre.org/data/definitions/256.html, web site last accessed June
b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3951, web
site last accessed June 15, 2015.
c. CVSS Calculator,
site last accessed June 11, 2015.
For any questions related to this report, please contact ICS-CERT at:
Toll Free: 1-877-776-7585
International Callers: (208) 526-0900
For industrial control systems security information and incident reporting:
ICS-CERT continuously strives to improve its products and services. You can
help by choosing one of the links below to provide feedback about this
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to firstname.lastname@example.org
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----