This morning the DHS ICS-CERT published two new control system security advisories for systems from Siemens and Tollgrade.
The Siemens advisory describes two vulnerabilities in the Siemens SIMATIC S7-1500 CPU family. The vulnerabilities were self-reported and Siemens has produced firmware upgrades to mitigate them.
The two vulnerabilities are:
• Insufficient control flow management - CVE-2016-2200; and
• Predictability problems - CVE-2016-2201
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to conduct a denial-of-service attack or reduce the efficiency of the device's replay protection.
Siemens, in their Security Advisory, credit Lexfo and Amossys for reporting the respective vulnerabilities that were coordinated through Agence nationale de la sécurité des systèmes d’information (ANSSI).
The Tollgrade advisory describes four vulnerabilities reported in the Tollgrade Communications, Inc. SmartGrid LightHouse Sensor Management System (SMS) Software EMS. The vulnerabilities were reported by Maxim Rupp. Tollgrade has produced a software upgrade which mitigates the vulnerabilities, and Rupp has had an opportunity to verify the efficacy of the upgrade.
The vulnerabilities include:
• Cross-site request forgery - CVE-2016-0863;
• Disclosure of information - CVE-2016-0864;
• Insecure credentials - CVE-2016-0865; and
• Cross-site scripting - CVE-2016-0866
ICS-CERT reports that these vulnerabilities could be remotely exploited, but notes that a successful social engineering attack would be required.