Tuesday, May 9, 2017

ICS-CERT Publishes 4 Advisories and Updates 2

Today the DHS ICS-CERT published four control system security advisories for three products from Siemens and one from Rockwell. The Rockwell advisory was originally posted to the NCCIC Portal on April 4, 2017. They also updated two previously issued advisories for products from Siemens.

Rockwell Advisory


This advisory describes multiple vulnerabilities in the Rockwell Automation Stratix 5900 services router. The vulnerabilities were reported by Cisco in Cisco software products used in the Rockwell Stratix 5900; some of these vulnerabilities have been previously reported. Rockwell has produced a new firmware version to mitigate these vulnerabilities.

The reported vulnerabilities include (take a deep breath):

• Improper input validation - CVE-2016-6380, CVE-2016-1409, CVE-2015-0642, CVE-2015-0643, CVE-2014-3361, CVE-2014-2113, and CVE-2014-2106;
• Resource management errors - CVE-2016-6393, CVE-2016-6384, CVE-2016-6381, CVE-2016-6382, CVE-2016-1350, CVE-2016-1344, CVE-2015-0646, CVE-2014-3359, CVE-2014-3355, CVE-2014-3356, CVE-2014-3354, CVE-2014-3299, CVE-2014-2108, and CVE-2014-2112;
• Information exposure - CVE-2016-6415;
• Multiple network time protocol daemon vulnerabilities (October 2015) - CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, and CVE-2015-7871;
• Improper authentication - CVE-2015-1798 and CVE-2015-1799;
• Multiple OpenSSL vulnerabilities (March 2015) - CVE-2015-0207, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, and CVE-2015-1787;
• Cryptographic issues - CVE-2014-3566;
• Numeric issues - CVE-2014-3360;
• Multiple OpenSSL vulnerabilities - CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, and CVE-2014-3470; and
• Network Address Translation vulnerabilities - CVE-2014-2109 and CVE-2014-2111.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to perform man-in-the-middle attacks, create denial of service conditions, or remotely execute arbitrary code. With some of these previously identified vulnerabilities up to 7 years old, I would bet that there are some publicly available exploits, but that was not mentioned in this advisory.

(SARCASM WARNING) I am glad that no other vendor uses any of these Cisco products.

Siemens SIMATIC Advisory


This advisory describes a denial of service vulnerability in the Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional products. The vulnerability was reported by Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team. Siemens has developed updates for the affected products to mitigate the vulnerability. There is no indication that the researchers have been afforded an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerability to cause the affected service to crash, resulting in a denial-of-service condition. The Siemens Security Advisory reports that the attacker must be a member of the administrators group and have network access to an affected system.

Siemens PROFINET Advisory 1


This advisory describes two input validation vulnerabilities in Siemens devices using the PROFINET Discovery and Configuration Protocol (DCP). The vulnerabilities were reported by Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team. Siemens has produced firmware updates to mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker with network access to the local Ethernet segment (Layer 2) could exploit the vulnerabilities to cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.

The Siemens Security Advisory reports that CNCERT/CC coordinated the disclosure of this vulnerability.

Siemens PROFINET Advisory 2


This advisory describes an improper input validation vulnerability in Siemens devices using the PROFINET Discovery and Configuration Protocol (DCP). The vulnerability was reported by Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team. Siemens has produced updates that mitigate the vulnerability. There is no indication that the researchers have been afforded an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker with access to an adjacent network could exploit the vulnerability to cause a denial-of-service condition requiring a manual restart.

The Siemens Security Advisory reports that:

“On a single host the affected component is shared among the affected products. Installing one fixed version will mitigate the vulnerability for all Siemens applications installed on the single host.”

Siemens Industrial Products Update


This update provides new information on an advisory that was originally issued on November 8, 2016 and then updated November 22nd, 2016; December 23rd, 2016; February 14th, 2017; and March 2nd, 2017. The new information includes:

• Updated version information for SIMATIC WinCC V7.4, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal) Professional, and SIMATIC STEP 7 (TIA Portal) V13;
• Adds mitigation information for the above products; and
• Removes the above products from the ‘temporary fix’ list.

The Siemens Security Advisory was also updated.

Siemens S7-300/400 PLC Update


This update provides new information on an advisory that was originally issued on December 13, 2016. The new information includes:

• Adds Profibus as an access route for the inadequate encryption strength vulnerability; and
• Adds links for firmware updates for S7-300 CPUs.


The Siemens Security Advisory was also updated.
