This afternoon the DHS ICS-CERT published two new industrial control system advisories for products from Siemens and Resource Data Management.
Siemens Advisory
This advisory describes twin information disclosure vulnerabilities in the Siemens SIPROTEC Ethernet modules. The vulnerabilities were independently reported by Aleksandr Bersenev from the HackerDom team and Pavel Toporkov from Kaspersky Lab. Siemens has produced a firmware update to mitigate the vulnerabilities. There is no indication that either researcher has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to obtain sensitive device information if the attacker has network access to the devices. The Siemens CERT advisory notes that the firmware update only applies to the SIPROTEC Compact versions equipped with the EN 100 Ethernet modules. For other models of the SIPROTEC Compact, Siemens recommends protecting the affected networks with standard cybersecurity protections like firewalls, segmentation, and VPN access.
Resource Data Management Advisory
This advisory describes two vulnerabilities in the Resource Data Management Intuitive 650 TDB Controller. The vulnerabilities were reported by Maxim Rupp. To mitigate these vulnerabilities, RDM has produced a new version of its TDB Control Editor, which is used to program its controllers. There is no indication that Rupp has been provided an opportunity to verify the efficacy of the fix.
The two vulnerabilities are:
• Privilege escalation - CVE-2016-4505; and
• Cross-site request forgery - CVE-2016-4505
ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to gain elevated access to alter logs and parameters or execute unwanted actions.