CVE-2022-21155

7.5 HIGH

📋 TL;DR

CVE-2022-21155 is a denial-of-service vulnerability in Fernhill SCADA Server where a specially crafted network packet can cause the server process to crash. This affects industrial control systems using Fernhill SCADA Server Version 3.77 and earlier, potentially disrupting monitoring and control operations.

💻 Affected Systems

Products:
  • Fernhill SCADA Server
Versions: Version 3.77 and earlier
Operating Systems: Windows (based on FHSvrService.exe reference)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the main server process (FHSvrService.exe) that handles SCADA communications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete SCADA server outage leading to loss of visibility and control over industrial processes, potentially causing operational disruption or safety incidents in critical infrastructure.

🟠 Likely Case

Temporary service interruption requiring manual restart of the SCADA server, causing monitoring gaps and potential process disruptions.

🟢 If Mitigated

Minimal impact with redundant systems and proper network segmentation preventing exploitation attempts.

🌐 Internet-Facing: HIGH if the SCADA server is directly exposed to the internet, as the attack requires only network access.
🏢 Internal Only: MEDIUM, as internal attackers or compromised systems could exploit this, but they need network access to the SCADA server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted packets to the server, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.78 or later

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-02

Restart Required: Yes

Instructions:

1. Download Fernhill SCADA Server Version 3.78 or later from vendor.
2. Backup current configuration.
3. Install the updated version.
4. Restart the FHSvrService.exe service.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Restrict network access to Fernhill SCADA Server to only trusted systems and networks.

Use firewall rules to limit access to the SCADA server ports.

Process Monitoring and Auto-restart

Platform: Windows

Configure monitoring to automatically restart FHSvrService.exe if it crashes.

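sc config FHSvrService start= auto
sc failure FHSvrService reset= 86400 actions= restart/60000

The first command only makes the service start automatically at boot; it does not restart the service after a crash. The second sets the Service Control Manager recovery action to restart the service 60 seconds after a failure and to reset the failure counter after one day. The service name FHSvrService is taken from the executable name; confirm the registered name with sc query before running either command. Windows Task Scheduler or a monitoring tool can also be used to restart the service on failure.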

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to SCADA server
  • Deploy intrusion detection systems to monitor for anomalous network traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Fernhill SCADA Server version - if it's 3.77 or earlier, it's vulnerable.

Check Version:

Check Fernhill SCADA Server documentation or interface for version information

Verify Fix Applied:

Verify installation of Version 3.78 or later and confirm FHSvrService.exe is running without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected termination of FHSvrService.exe in Windows Event Logs
  • Service crash events with exception codes

Network Indicators:

  • Unusual network traffic patterns to SCADA server ports
  • Malformed packet attempts

SIEM Query:

(EventID=7034 OR EventID=1000) AND ProcessName="FHSvrService.exe"
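
The same hunt run directly on the SCADA host, as an added example that is not part of the original advisory or vendor tooling. Assumptions: the display-name wildcard '*Fernhill*' for Event 7034, the 7-day lookback, and the threshold of 3 crashes per hour are illustrative values to adjust for the site.

```powershell
# Added example: find crash events for the Fernhill server process on this host.
param(
    [int]$Days = 7,                               # lookback window (assumed value)
    [string]$ImageName = 'FHSvrService.exe',      # process name given on this page
    [string]$ServiceNamePattern = '*Fernhill*',   # assumption: service display name
    [int]$BurstThreshold = 3                      # crashes per hour worth escalating
)

$since = (Get-Date).AddDays(-$Days)

# Event 1000 (Application Error, Application log):
# the first event property is the faulting application's image name.
$appCrashes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'
        Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $ImageName })

# Event 7034 (Service Control Manager, System log):
# the first property is the service display name, not the image name,
# so it needs its own filter instead of a shared ProcessName match.
$svcCrashes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7034; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -like $ServiceNamePattern })

$hits = @($appCrashes + $svcCrashes | Sort-Object TimeCreated)

# Timeline of matching crash events, first line of each message only.
$hits | Select-Object TimeCreated, Id, ProviderName,
    @{ n = 'Detail'; e = { ($_.Message -split "`r?`n")[0] } }

# Hours with several crashes: repeated failures in a short window deserve
# a look at network captures for the same period.
$hits | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH') } |
    Where-Object { $_.Count -ge $BurstThreshold } |
    Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count
```

Event 7034 records identify the service by display name, so a single ProcessName condition across both event IDs can miss them depending on how the SIEM maps fields.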
