Yesterday the DHS ICS-CERT published another update of their WannaCry ransomware alert, updates for two advisories, and new advisories for products from Schneider Electric and Miele Professional. They also published a notice about the date of the Fall 2017 ICSJWG meeting in Pittsburgh, PA on September 12-14, 2017.
WannaCry Update
This update provides new information on the alert published on May 15th and updated on May 16th and again on May 17th. Unfortunately, I missed yesterday's update, so I will list both sets of changes at one time. The new information includes WannaCry advisories from the following vendors:
• Siemens (Multi-Modality Workplace (MMWP) products; Magnetic Resonance products; Laboratory Diagnostics products; Computed Tomography products; Radiography, Mobile X-ray and Mammography products; Molecular Diagnostics products; and Molecular Imaging products) (NOTE: the language is nearly identical on all 8 Siemens advisories);
• Philips (general security web page, scroll down to WannaCry article);
• Johnson & Johnson (general security web page, scroll down to WannaCry article); and
GE Proficy Update
This update provides new information on the advisory originally published on January 17th, 2017 and updated on January 24th. The update provides links to updates for the following products:
• GE has released new versions of the Historian software, Version 6.0 SIM 9 (Standard and Enterprise);
• GE has released a new version of the Historian software, Version 5.5 SIM 37;
• GE has released a new version of the CIMPLICITY software, Version 8.2 SIM 49; and
• GE has released a new version of the CIMPLICITY software, Version 9.0 SIM 22.
NOTE: The contact information for receiving CIMPLICITY v9.5 and Historian v7.0 has inexplicably been removed from this update. GE still recommends updating to these versions.
GE Multilin Update
This update provides new information on the advisory originally published on April 27th, 2017. The update adds two new affected product lines to the advisory:
• Universal Relay, firmware Version 6.0 and prior versions, and
• URplus (D90, C90, B95), all versions.
Update information is provided for the Universal Relay products. GE expects to release the URplus firmware updates in July. The 369 Motor Protection Relay firmware update is still expected to be released next month.
Schneider Advisory
This advisory describes an incorrect default permissions vulnerability in the Schneider Wonderware InduSoft Web Studio. The vulnerability was reported by Karn Ganeshen. Schneider has released a new service pack to address the vulnerability. There is no indication that Ganeshen has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker with authorized access could exploit this vulnerability to escalate his or her privileges. The Schneider Security Notification expands that to state:
“The directory and files are added to system's PATH. Therefore, they can be manipulated by non-administrator users to write malicious files/DLLs and escalate privileges once these are executed.”
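The weakness Schneider describes is a directory on the system PATH whose ACL lets ordinary users write into it. Operators who want to check their own Wonderware (or any other) hosts for this condition need only two things: the PATH value and the ACL of each directory on it. The following is an added example, not code from Schneider, ICS-CERT, or the original post: it parses the text that `icacls <directory>` prints and flags PATH entries where a non-administrative principal holds write rights. The PATH value and the icacls output are constructed sample data; the list of non-administrative principals and the set of rights treated as "write" are this example's assumptions and can be widened for a given site.

```python
"""Audit Windows PATH directories for ACLs that let non-admin users write
into them (the weakness class in the Schneider InduSoft advisory).

Added example; it parses `icacls` output supplied as text rather than
running icacls itself, so it executes anywhere for illustration.
"""
import re
from typing import Dict, List, Tuple

# Assumption: principals any interactive, non-administrative user satisfies.
NON_ADMIN_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# Assumption: icacls simple rights (F, M, W) and granular rights (WD = write
# data/add file, AD = append data/add subdir, GW/GA = generic write/all)
# that allow planting or replacing a file in the directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}

# One ACE as icacls prints it: "<principal>:(flag)(flag)...".
ACE_RE = re.compile(r"^(?P<principal>[^:()]+):(?P<flags>(?:\([^)]*\))+)$")


def parse_icacls(directory: str, output: str) -> List[Tuple[str, str]]:
    """Return (principal, flags) pairs from the text `icacls <directory>` prints.

    icacls puts the path and the first ACE on one line and each further ACE
    on an indented line, then a 'Successfully processed ...' summary.
    """
    aces: List[Tuple[str, str]] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        if line.lower().startswith(directory.lower()):
            line = line[len(directory):].strip()  # drop the path, keep the ACE
        match = ACE_RE.match(line)
        if match:
            aces.append((match.group("principal"), match.group("flags")))
    return aces


def grants_write(flags: str) -> bool:
    """True if an allow ACE with these flags permits writing into the directory."""
    tokens = set()
    for group in re.findall(r"\(([^)]*)\)", flags):
        tokens.update(t.strip() for t in group.split(","))  # e.g. "(RX,W)"
    if "DENY" in tokens:
        return False  # deny ACEs are ignored here rather than subtracted
    if "IO" in tokens:
        return False  # inherit-only: applies to children, not this directory
    return bool(tokens & WRITE_RIGHTS)


def weak_path_dirs(path_value: str, acl_output: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each PATH entry that non-admin principals can write to -> principals.

    path_value: the raw PATH string; acl_output: {directory: icacls text},
    collected beforehand (for example by running icacls on each entry).
    """
    findings: Dict[str, List[str]] = {}
    for entry in path_value.split(";"):
        directory = entry.strip().strip('"')
        if not directory or directory not in acl_output:
            continue
        weak = [principal for principal, flags in parse_icacls(directory, acl_output[directory])
                if principal.lower() in NON_ADMIN_PRINCIPALS and grants_write(flags)]
        if weak:
            findings[directory] = weak
    return findings


# Constructed sample data: a system directory with sound ACLs, a vendor
# directory that grants Users full control, and one whose Modify right is
# inherit-only (harmless for the directory itself).
SAMPLE_PATH = r"C:\Windows\system32;C:\Program Files\Vendor\bin;C:\Tools"
SAMPLE_ICACLS = {
    r"C:\Windows\system32": "\n".join([
        r"C:\Windows\system32 NT SERVICE\TrustedInstaller:(F)",
        r"                    NT AUTHORITY\SYSTEM:(M)",
        r"                    BUILTIN\Administrators:(M)",
        r"                    BUILTIN\Users:(RX)",
        "",
        "Successfully processed 1 files; Failed processing 0 files",
    ]),
    r"C:\Program Files\Vendor\bin": "\n".join([
        r"C:\Program Files\Vendor\bin BUILTIN\Administrators:(OI)(CI)(F)",
        r"                            NT AUTHORITY\SYSTEM:(OI)(CI)(F)",
        r"                            BUILTIN\Users:(OI)(CI)(F)",
        r"                            Everyone:(OI)(CI)(RX,W)",
        "",
        "Successfully processed 1 files; Failed processing 0 files",
    ]),
    r"C:\Tools": "\n".join([
        r"C:\Tools NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)",
        r"         BUILTIN\Users:(RX)",
        "",
        "Successfully processed 1 files; Failed processing 0 files",
    ]),
}

if __name__ == "__main__":
    for directory, principals in weak_path_dirs(SAMPLE_PATH, SAMPLE_ICACLS).items():
        print(f"WRITABLE PATH ENTRY: {directory} -> {', '.join(principals)}")
```

On a real host the `acl_output` dictionary would be filled by running `icacls` against each PATH entry; the parsing and the write-rights decision are what the example is meant to show. Deny ACEs are skipped rather than evaluated, so the check errs toward reporting, and inherit-only entries are not counted because they do not govern file creation in the directory itself.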
Miele Advisory
This advisory describes a path traversal vulnerability in the Miele Professional PG 8528, a large capacity cleaner and disinfector used in hospitals and laboratory settings. This advisory provides updated information on the ICS-CERT alert on this vulnerability reported on March 30th, 2017.
ICS-CERT still does not provide a link to the public disclosure by Jens Regel. Miele has provided software updates to mitigate the vulnerability. There is no indication that Regel has been provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could remotely use the publicly available exploits to read or modify sensitive data or files, execute unauthorized code or commands, and possibly cause a system crash.
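Path traversal in an embedded device generally comes down to one missing check: a file name taken from the network is joined to a document root without confirming that the resolved path still lies under that root. The following is an added example, not Miele's code and not taken from the advisory or the disclosure: it shows the naive join beside a hardened resolver, using a constructed temporary document root and file names. The handler shape (serve a file by name from a root directory) is an assumption made for illustration; the advisory does not describe the PG 8528's implementation.

```python
"""Confining file access to a document root: the traversal-prone join next
to a resolver that rejects anything outside the root.

Added example with a constructed temporary directory; not vendor code.
"""
import os
import tempfile
from pathlib import Path


def read_file_naive(root: str, requested: str) -> bytes:
    """Vulnerable pattern: os.path.join never checks for '..' or absolute paths."""
    with open(os.path.join(root, requested), "rb") as fh:
        return fh.read()


def resolve_under_root(root: str, requested: str) -> Path:
    """Resolve `requested` against `root` and refuse anything that escapes it.

    resolve() collapses '..' segments and follows symlinks, so a link inside
    the root that points outside is rejected as well. An absolute `requested`
    replaces the root in the join and is therefore also rejected.
    """
    root_path = Path(root).resolve()
    candidate = (root_path / requested).resolve()
    if candidate != root_path and root_path not in candidate.parents:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def read_file_safe(root: str, requested: str) -> bytes:
    """Hardened pattern: only read what resolve_under_root() accepted."""
    return resolve_under_root(root, requested).read_bytes()


def run_demo() -> dict:
    """Build a throwaway root with one public file and one file outside it,
    then exercise both readers. Returns the observed results."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www")
        os.makedirs(root)
        Path(root, "index.html").write_bytes(b"<h1>status</h1>")
        Path(tmp, "secret.txt").write_bytes(b"config")  # constructed, outside root

        results["naive_inside"] = read_file_naive(root, "index.html")
        results["naive_escape"] = read_file_naive(root, "../secret.txt")  # leaks
        results["safe_inside"] = read_file_safe(root, "index.html")
        try:
            read_file_safe(root, "../secret.txt")
            results["safe_escape"] = "allowed"
        except PermissionError:
            results["safe_escape"] = "rejected"
        try:
            read_file_safe(root, os.path.join(tmp, "secret.txt"))  # absolute path
            results["safe_absolute"] = "allowed"
        except PermissionError:
            results["safe_absolute"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The check belongs after any decoding the protocol layer performs (percent-decoding, for instance), so that the resolver sees the same string the filesystem will; and it must run on the resolved path, not on the raw request, because a simple substring test for `..` misses encoded and symlinked variants.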