Today the DHS ICS-CERT published an update for a Siemens advisory that was originally published on December 1st, 2015. Two new advisories were also published for vulnerabilities in control system components from GE and Sauter.
The Siemens update revises the vulnerable device list to provide limiting version numbers. It also announces that firmware updates are now available for SIMATIC TIM 3V-IE, TIM 4R-IE, and CP 443-1 / CP 443-1 Advanced modules. Siemens is still working on updates for a number of other affected devices. Both of the recent updates to the Siemens Security Advisory are covered in today’s update.
As has become usual for ICS-CERT advisory updates, this update was not listed on the ICS-CERT landing page, but it was reported on TWITTER®.
The GE advisory describes twin vulnerabilities in the GE SNMP/Web Interface adapter. The vulnerabilities were reported by Karn Ganeshen. GE has produced a firmware update to fix the vulnerability in newer versions. There is no indication that Ganeshen has been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Command injection - CVE-2016-0861; and
• Cleartext storage of sensitive information - CVE-2016-0862
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability to execute arbitrary system commands.
The GE Product Security Advisory notes that these adapters are used with uninterruptible power supplies.
The Sauter advisory describes three vulnerabilities in the Sauter moduWeb Vision application. The vulnerabilities were reported by Martin Jartelius and John Stock of Outpost24. Sauter has produced a firmware update to fix the vulnerabilities. ICS-CERT reports that the researchers have validated the efficacy of the fix.
The vulnerabilities include:
• Insecure credential storage - CVE-2015-7914;
• Insecure transmission of credentials - CVE-2015-7915; and
• Cross-site scripting - CVE-2015-7916