Tuesday, December 27, 2011

ICS-CERT Updates an Advisory and Upgrades an Alert

The DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published two advisories today. One was an update of a previously issued advisory (Sielco Systemi Winlog) and one was an upgrade of an alert to an advisory (Siemens Automation License Manager).

Sielco Systemi


The original Sielco Systemi Winlog Advisory was published on December 6th, 2011. The new information in this update is the link to a new release of Winlog that eliminates the vulnerability. Actually, the new link replaces separate links to the two different product (Winlog Lite and Winlog PRO) updates that were listed in the original advisory; that may have been because the earlier links were directly to .EXE files.

To make matters more interesting, the page on the Sielco Systemi web site mentions that the new version of Winlog Pro Scada and Winlog Lite SCADA just became available on December 20th; not the 6th and no mention is made of correcting the buffer overflow vulnerability. And there is only a link to the download of Winlog Lite; no link for Winlog Pro. I’m confused.

Siemens


The original alert for this particular Siemens vulnerability (there have been so many of late) was published on November 28th and updated on December 2nd, 2011. The original alert was based upon four vulnerabilities in the Siemens Automation License Manager reported by Luigi in an uncoordinated disclosure.

In a very timely manner Siemens has issued a patch for the ALM and the Advisory does provide a tiny bit more information about the vulnerabilities over what was provided in the Alerts.

ICS-CERT continues to have some problems reporting CVE links in this Advisory. Three of the four links provided will eventually link to CVE files on the NIST /US-CERT web site. The third of the four listed has an extra character (an X) that essentially destroys the link. When the CVE report becomes live the legitimate link will be:


BTW: ICS-CERT has quietly corrected their link errors that I reported last week.

No comments:

 
/* Use this with templates/template-twocol.html */