Yesterday the DHS ICS-CERT published four new control system
security advisories for products from Rockwell, Trane, ABB and Yokogawa. The
Rockwell advisory had previously been published on the US CERT Secure Portal
back on August 11th.
Rockwell Advisory
This advisory
describes a parser buffer overflow vulnerability in the Rockwell RSLogix 500 and
RSLogix Micro products. The vulnerability was reported by Ariele Caltabiano
(kimiya) via the Zero Day Initiative (ZDI). Rockwell has produced an update
that mitigates the vulnerability, but there is no indication that kimiya has
been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that it would be relatively easy to create
an exploit that would allow malicious code to execute on the target computer at
the same privilege level as the logged-in user. They also report that a social
engineering attack would be required to cause an operator to load and execute the
malformed RSS file.
Trane Advisory
This advisory
describes an information exposure vulnerability in the Trane Tracer SC field
panel. The vulnerability was reported by Maxim Rupp. Trane has produced an
update to mitigate this vulnerability and ICS-CERT reports that Maxim Rupp has
verified the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to obtain sensitive information from
the contents of configuration files not protected by the web server.
ABB Advisory
This advisory
describes a credential management vulnerability in the ABB DataManagerPro
application. The vulnerability was reported by Andrea Micalizzi via ZDI. ABB
has produced a new version to mitigate the vulnerability, but there is no
indication that Micalizzi has been afforded an opportunity to verify the
efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker with
local system access could exploit the vulnerability to insert and run arbitrary
code on a computer where the affected product is used. The ABB
Security Advisory reports that an “attacker that manages to get malicious
code to a specific directory in the file system of a computer where
DataManagerPro is used, could get this code executed by an authenticated and
legitimate user of DataManagerPro”.
Yokogawa Advisory
This advisory
describes an authentication bypass vulnerability in the Yokogawa STARDOM
controller. This vulnerability is apparently being self-reported. Yokogawa has
produced a new version that mitigates the vulnerability. The Yokogawa
Security Advisory reports that the STARDOM controller does not require
authentication to connect to the device.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to execute commands such as stop
application program, change values, and modify application.
Cybersecurity for Building Control Systems
ICS-CERT reported
that the National Institute of Building Sciences
will be holding a series of workshops in Arlington, VA on cybersecurity for
building control systems. The ICS-CERT announcement does not provide much in
the way of supporting details (date, location, cost, etc.), but the web
link it provides to the NIBS workshop
site does supply all of the necessary details.