This afternoon the DHS ICS-CERT published four control
system advisories for products from Honeywell (1) and Siemens (3). The
Honeywell advisory had been previously released on the US CERT Secure Portal.
Siemens had announced all three of these advisories last Friday on TWITTER.
Honeywell Advisory
This advisory
describes a stack-based buffer overflow vulnerability in the Honeywell
Uniformance Process History Database (PHD). The vulnerability was
self-identified. Honeywell has produced a patch to mitigate the vulnerability.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to execute a denial of service attack.
This vulnerability was originally reported on the US CERT
Secure Portal on March 10th, 2016. If you were keeping up with
ICS-CERT activity on the Secure Portal, you would already have had more than a
month to figure out how to deal with this advisory.
Siemens Industrial Products Advisory
This advisory
describes a DROWN
vulnerability in a number of Siemens SCALANCE and ROX products. Patches are
still in development. In the meantime, Siemens has provided a series of
countermeasures to reduce the risk of this vulnerability.
ICS-CERT reports that it would be difficult to use one of
the publicly available exploits to remotely exploit this vulnerability to
decrypt intercepted TLS sessions.
NOTE: The initial DROWN vulnerability paper was published on
March 1st, 2016.
NOTE: I have not seen any other ICS vendors reporting DROWN
vulnerabilities. Nor has ICS-CERT issued anything on it to-date. It is highly
unlikely that Siemens is the only vendor with vulnerable systems.
Siemens SCALANCE Advisory
This advisory
describes a resource exhaustion vulnerability in the Siemens SCALANCE S613 firewall
device. The vulnerability was apparently self-identified. Siemens will provide
user-specific mitigation measures for this vulnerability. There is no
indication in either the ICS-CERT Advisory or the Siemens ProductCERT
advisory that patches are forthcoming for this vulnerability.
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit this vulnerability to execute a denial of service attack
on the web server on the device.
Siemens glibc Library Advisory
This advisory
describes a buffer overflow vulnerability in the glibc library
of a number of Siemens products. Siemens has produced updates to mitigate this
vulnerability in their ROX II and APE devices. Pending updates for other
affected devices, Siemens provides suggested mitigation measures.
ICS-CERT reports that this vulnerability is remotely
exploitable and exploits are publicly available, but crafting a working exploit
would be difficult. A successful exploit could result in a denial of service
condition. The Siemens ProductCERT
advisory suggests that execution of arbitrary code could result from a
successful exploit; noting that:
“In order to exploit the
vulnerability, the attacker must be able to either trick a targeted host to
resolve attacker-controlled domain names, to use attacker-controlled DNS servers
for resolution, or to gain a privileged network position allowing him to
capture and modify the affected device’s network communication.”
NOTE: This is another library based vulnerability that may
be expected to affect products from other vendors as well.
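The three preconditions quoted from the Siemens ProductCERT advisory all come down to the attacker controlling the DNS replies a device receives. The following is an added example, not code from the post, from Siemens or from ICS-CERT: a small pre-filter that a DNS forwarder sitting in front of an embedded device could apply to resolver replies before the device's libc resolver ever parses them. It rejects replies from resolvers outside a configured allowlist, replies that do not match an outstanding transaction ID, and replies that exceed a size cap. The allowlist addresses, the 512-byte cap and the sample packets are constructed for this illustration and are not values from the advisories.

```python
"""
Added example (not from the post, Siemens or ICS-CERT): a DNS reply pre-filter
encoding the exploit preconditions quoted from the Siemens advisory.
Only the DNS header is inspected; the goal is to keep untrusted or oversized
replies away from the device's resolver library, not to validate full RR data.
"""
import struct
from dataclasses import dataclass

TRUSTED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}   # constructed sample allowlist
MAX_RESPONSE_BYTES = 512                           # assumed hardening cap for this example


@dataclass
class Verdict:
    accept: bool
    reason: str


def parse_header(pkt: bytes):
    """Return (txid, is_response, rcode, qdcount, ancount) from a 12-byte DNS header."""
    if len(pkt) < 12:
        raise ValueError("short DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    is_response = bool(flags & 0x8000)   # QR bit
    rcode = flags & 0x000F
    return txid, is_response, rcode, qd, an


def check_response(src_ip: str, pkt: bytes, outstanding_txids: set) -> Verdict:
    """Decide whether a reply from src_ip may be forwarded to the device."""
    # Precondition 1/3 from the advisory: attacker-controlled or spoofed resolver.
    if src_ip not in TRUSTED_RESOLVERS:
        return Verdict(False, f"reply from untrusted resolver {src_ip}")
    # Generic hardening: never hand an oversized reply to the resolver library.
    if len(pkt) > MAX_RESPONSE_BYTES:
        return Verdict(False, f"reply of {len(pkt)} bytes exceeds cap of {MAX_RESPONSE_BYTES}")
    try:
        txid, is_response, rcode, _qd, an = parse_header(pkt)
    except ValueError as exc:
        return Verdict(False, str(exc))
    if not is_response:
        return Verdict(False, "QR bit clear: not a response")
    # Precondition 2: the device must have actually asked this question.
    if txid not in outstanding_txids:
        return Verdict(False, f"unsolicited reply, txid {txid:#06x}")
    return Verdict(True, f"ok: txid {txid:#06x}, rcode {rcode}, {an} answer RR(s)")


def build_sample_response(txid: int, flags: int = 0x8180, pad: int = 0) -> bytes:
    """Constructed packet: header, one A question for example.com, one A answer, optional padding."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    # Answer RR: name pointer to offset 12, type A, class IN, TTL 60, 4-byte rdata
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    return header + question + answer + b"\x00" * pad


if __name__ == "__main__":
    pending = {0x1234}
    print(check_response("10.0.0.53", build_sample_response(0x1234), pending))
    print(check_response("192.0.2.1", build_sample_response(0x1234), pending))
    print(check_response("10.0.0.53", build_sample_response(0x1234, pad=600), pending))
```

In a real deployment the allowlist would be populated from the device's configured resolvers and the outstanding-ID set maintained by the forwarder as it relays queries; the cap is the kind of blunt limit a firewall rule can also enforce while a vendor patch is pending.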