This afternoon the DHS ICS-CERT published three advisories
for industrial control system vulnerabilities in systems from Siemens,
Schneider and Saia Burgess Controls. ICS-CERT also announced an alternative
method for notification of the release of advisories, alerts, and other
publications.
Siemens Advisory
This advisory
describes an authentication bypass vulnerability in a number of Siemens SIMATIC
Communications Processor devices. The vulnerability was reported by Lei
ChengLin (Z-0ne) from the Fengtai Technologies’ Security Research Team. Siemens
has produced a firmware update for one of the devices (SIMATIC CP 343-1) and
the other updates are in the works. There is no indication that Lei has been
provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerability to perform administrative operations on the
Communication Processor. Network access to Port 102/TCP is required and the Communication
Processor’s configuration must be stored on its corresponding CPUs for the vulnerability
to be exploited. Siemens
notes that firewall functionality of Advanced-CPs must be turned off for
port 102/TCP for the vulnerability to be exploited.
NOTE: This vulnerability was announced
by Siemens on TWITTER last Friday.
Schneider Advisory
This advisory
describes eleven ActiveX code injection vulnerabilities (listed under a single
CVE) in the Schneider ProClima F1 Bookview ActiveX control application. The
vulnerabilities were reported through the Zero Day Initiative by Ariele
Caltabiano and Fritz Sands (Sands was mentioned in the Schneider
advisory but not the ICS-CERT Advisory). Schneider has produced an update
to mitigate these vulnerabilities but there is no indication that Caltabiano
was provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to modify arbitrary memory,
leading to remote code execution.
Schneider reports that the vulnerabilities reside in the
thermal calculation software.
Saia Burgess Controls Advisory
This advisory
describes a hard-coded password vulnerability in the Saia Burgess Controls family
of PCD controllers. The vulnerability was reported by Artyom Kurbatov. Saia has
produced a new firmware version that mitigates the vulnerability and Kurbatov
has validated the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to gain administrative access to the target
device and resources.
Saia
cautions that the upgraded firmware will still not protect the PCD
controllers if they are connected directly to the Internet. Their Security
Rules document provides recommended details for protecting the security of
these controllers.
GovDelivery
You can now get ICS-CERT publications sent directly to your
email via GovDelivery. Simply register
for the service, click on which publications you want and wait for the emails.
Publications from National Cyber Awareness System Mailing Lists and the Critical
Infrastructure Cyber Community Voluntary Program (C3VP) are also available from
this system.
DHS has tried these email notification systems for a number
of their web sites. I’ve signed up for a bunch of them and the notifications
seem to dry up after a while. Maybe this one will be different. Go ahead, give
it a try; I did. We all take perverse pride in our inflated inboxes.