This afternoon the DHS ICS-CERT published three advisories for control system vulnerabilities. The advisories affected products from eWON, Motorola, and Schneider.
This advisory describes multiple vulnerabilities in the eWON sa industrial router. The vulnerabilities were reported by Karn Ganeshen. eWON has developed a firmware update to mitigate the vulnerabilities, but there is no indication that Ganeshen has been provided the opportunity to verify the efficacy of the fix.
The vulnerabilities include:
• Weak session management - CVE-2015-7924;
• Cross-site request forgery - CVE-2015-7925;
• Weak RBAC controls - CVE-2015-7926;
• Stored cross-site scripting - CVE-2015-7927;
• Passwords not secured - CVE-2015-7928; and
• Post/get issues - CVE-2015-7929.
ICS-CERT reports that a relatively low skilled attacker could remotely exploit these vulnerabilities.
A more detailed explanation of the individual vulnerabilities can be found on the eWON Security Enhancements page.
NOTE: This advisory has a much more detailed ‘Impact’ description than you find on most ICS-CERT advisories. Since the impact explanation for a given class of vulnerability is usually the same across most platforms, these explanations could be canned and served up with the appropriate vulnerability.
This advisory describes twin vulnerabilities in the Motorola MOSCAD IP Gateway. The vulnerabilities were reported by Aditya K. Sood. Since support for this product was discontinued in 2012, there will be no patches or updates for this product.
The vulnerabilities are:
• Remote file inclusion - CVE-2015-7935; and
• Cross-site request forgery - CVE-2015-7936.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to perform actions with the permissions of a valid user.
This advisory describes a buffer overflow vulnerability in the Schneider Modicon M340 PLC. The vulnerability was discovered by Nir Giller. Schneider has produced a firmware patch to mitigate the vulnerability, but there is no report that Giller has been provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker could remotely exploit this vulnerability to crash the device and perhaps run arbitrary code.
The Schneider Security Notification provides a very detailed explanation of how this vulnerability works.