Today the DHS ICS-CERT published two control system security advisories for products from GE and Tollgrade.
GE Proficy Advisory
This advisory describes an improper privilege management vulnerability in earlier versions of the GE Proficy HMI/SCADA CIMPLICITY application. The vulnerability was reported by Zhou Yu of Acorn Network Security. GE notes that the vulnerability had been corrected by August 2014 and that subsequent versions of the application do not contain it.
ICS-CERT reports that exploitation requires local access, or a social engineering attack in the case of a remote exploit. Exploit code is publicly available (link not provided in the ICS-CERT Advisory).
The GE Product Security Advisory for this vulnerability recommends upgrading to a newer version of the application, but it also provides commands that serve to mitigate the vulnerability in the affected versions.
Tollgrade Advisory
This advisory describes three vulnerabilities in the Tollgrade Communications, Inc. Smart Grid LightHouse Sensor Management System (SMS) Software EMS. The vulnerabilities were reported by Ashish Kamble of Qualys, Inc. Tollgrade has produced a new version that mitigates the vulnerabilities. ICS-CERT reports that Kamble has tested the new version to verify the efficacy of the fix.
The vulnerabilities are:
• Missing authentication for critical application - CVE-2016-5790;
• Information exposure through an error message - CVE-2016-5797; and
• Forced browsing - CVE-2016-5807.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerabilities to restart the system, brute-force a login, or change privileged parameters.
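The three weakness classes listed above are common web-application patterns rather than anything specific to the Tollgrade product, and the advisory gives no code. As an added illustration (constructed here, not code from Tollgrade, GE, ICS-CERT or the advisories), the hypothetical dispatcher below places a request handler that exhibits all three side by side with a hardened one: the privileged endpoints, user table, role names and `Request` type are all assumptions made up for the example.

```python
"""Hypothetical web-dispatch model (constructed example, not vendor code).

vulnerable_dispatch() shows, in one place, the three weakness classes named
in the advisory summary:
  * missing authentication for a privileged function,
  * information exposure through an error message,
  * forced browsing, i.e. reaching a privileged URL by requesting it directly.
hardened_dispatch() shows the defensive pattern for each.
"""
import logging
from dataclasses import dataclass, field
from typing import Optional

log = logging.getLogger("sms-example")  # hypothetical logger name


@dataclass
class Request:
    path: str
    params: dict = field(default_factory=dict)
    session_user: Optional[str] = None  # None means an unauthenticated client


# Constructed user store; the role gates the privileged endpoints.
USERS = {"operator": {"role": "admin"}, "guest": {"role": "viewer"}}

# Constructed endpoint table: paths that change system state and the role required.
PRIVILEGED = {"/system/restart": "admin", "/config/parameters": "admin"}


def _public_page(req: Request) -> str:
    """Unprivileged pages; deliberately raises on bad input so the error path runs."""
    if req.path == "/status":
        return "status: ok"
    if req.path == "/sensor":
        return f"sensor {int(req.params['id'])}"
    raise KeyError(req.path)


def vulnerable_dispatch(req: Request):
    """Weak pattern: privileged handlers are reachable by URL with no auth check."""
    # Missing authentication + forced browsing: any client that knows the path
    # reaches the state-changing handlers.
    if req.path == "/system/restart":
        return 200, "restarting"
    if req.path == "/config/parameters":
        return 200, f"parameters set: {req.params}"
    try:
        return 200, _public_page(req)
    except Exception as exc:
        # Information exposure: internal exception type, message and handler
        # name are returned to the client.
        return 500, f"{type(exc).__name__}: {exc} in {_public_page.__name__}"


def hardened_dispatch(req: Request):
    """Hardened pattern: authenticate, authorize, then act; generic errors outward."""
    required_role = PRIVILEGED.get(req.path)
    if required_role is not None:
        # The check is tied to the endpoint, not to how the client navigated
        # there, so typing the URL directly gains nothing.
        if req.session_user is None:
            return 401, "authentication required"
        role = USERS.get(req.session_user, {}).get("role")
        if role != required_role:
            log.warning("denied %s to user %s", req.path, req.session_user)
            return 403, "forbidden"
        if req.path == "/system/restart":
            return 200, "restarting"
        return 200, f"parameters set: {req.params}"
    try:
        return 200, _public_page(req)
    except Exception:
        # Full detail stays in the server log for the operator; the client
        # gets a message that reveals nothing about the implementation.
        log.exception("unhandled error serving %s", req.path)
        return 500, "internal error"


if __name__ == "__main__":
    for dispatch in (vulnerable_dispatch, hardened_dispatch):
        print(dispatch.__name__)
        print("  anonymous restart  ->", dispatch(Request("/system/restart")))
        print("  viewer restart     ->", dispatch(Request("/system/restart", session_user="guest")))
        print("  admin restart      ->", dispatch(Request("/system/restart", session_user="operator")))
        print("  bad sensor id      ->", dispatch(Request("/sensor", {"id": "abc"})))
```

Running the block prints the two dispatchers' responses to the same four requests. The point to take from the hardened version is that the authorization decision hangs off the endpoint table, so it cannot be bypassed by skipping the UI, and that the only error detail a client ever sees is the generic string; a web server log, not the HTTP response, is where the exception belongs.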