Today the DHS ICS-CERT published two new control system advisories for systems from Sinapsi and N-Tron.
The Sinapsi advisory describes a plain text password vulnerability in the Sinapsi eSolar Light application. The vulnerability was disclosed by Maxim Rupp. Sinapsi has produced a new version that mitigates the vulnerability, but there is no indication that Rupp has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker with local system access could exploit this vulnerability to gain system passwords.
ICS-CERT reports that the updated version is available by contacting Sinapsi on their web site. ICS-CERT does not provide a link to the web site.
Interestingly, an earlier ICS-CERT alert for separate Sinapsi eSolar Light vulnerabilities indicates that this product had also been sold under the names Enerpoint eSolar Light, Schneider Electric Ezylog Photovoltaic Management Server, Gavazzi Eos-Box, and Astrid Green Power Guardian. I suspect that at least some versions of those products might be affected by this vulnerability as well.
The N-Tron advisory describes a hard-coded encryption key vulnerability in the N-Tron 702-W Industrial Wireless Access Point device. The vulnerability was reported to ICS-CERT by Neil Smith of ZeroFox. ICS-CERT reports that:
“N-Tron has been notified of this reported vulnerability, and NCCIC/ICS‑CERT has not been able to successfully coordinate this issue with N-Tron or Red Lion because of the vendor’s unresponsiveness. ICS-CERT is unaware of any fix, patch, or update by N-Tron that mitigates this vulnerability. This advisory is being published to inform critical infrastructure asset owners of the risk of using this equipment and for them to increase compensating measures if possible.”