This afternoon the DHS ICS-CERT published alerts for four control system product vulnerabilities that were publicly disclosed during DefCon 2015 by Aditya K. Sood on August 8th. Proof-of-concept exploit code was presented at the conference.
Three of the four vulnerabilities were disclosed to ICS-CERT shortly before their release in Las Vegas, but they have not yet been able to complete the coordination/verification process with the vendors.
This alert describes three password related vulnerabilities in the Moxa ioLogik E2210 Ethernet Micro RTU controller. Two of these vulnerabilities are reportedly remotely exploitable.
This alert describes a cross-site request forgery vulnerability and an insufficiently protected password vulnerability in Prisma web products. Both of these vulnerabilities are reportedly remotely exploitable.
This alert describes three types of vulnerabilities in Schneider Electric’s Modicon M340 PLC Station P34 CPU modules. Those vulnerabilities include:
∙ Hard-coded credentials (remotely exploitable);
∙ Local file inclusion; and
∙ Remote file inclusion (remotely exploitable).
Some of these vulnerabilities were already in the coordination/mitigation process while others had not been disclosed to either ICS-CERT or Schneider.
This alert describes a hard-coded password vulnerability in KAKO HMI products. This vulnerability is remotely exploitable.