Thursday, June 15, 2017

ICS-CERT Publishes Advisory and Updates 5 Siemens Advisories

Today the DHS ICS-CERT published one new control system security advisory for a product from Cambium Networks and updated five previously published advisories for products from Siemens.

Cambium Advisory


This advisory describes two vulnerabilities in the Cambium ePMP Network Access Control products. The vulnerabilities were reported by Karn Ganeshen. According to Cambium, newer versions of the firmware are not affected. There is no indication that Ganeshen was provided an opportunity to verify that.

The two reported vulnerabilities are:

• Improper access control - CVE-2017-7918; and
• Improper privilege management - CVE-2017-7922

ICS-CERT reports that a relatively low skilled attacker could remotely exploit these vulnerabilities to access device configuration as well as make unauthorized changes to the product’s configuration.

ICS-CERT also notes that Cambium also recommends that users edit default SNMP configuration.

PROFINET Update 1


This update provides additional information on the advisory that was originally published on May 9th, 2017. The update provides new information on the affected version of and links to the updates for:

• SIMATIC STEP 7 V5.X: All versions prior to V5.6;
• SIMATIC WinCC: All versions prior to V7.4 SP1 Upd1; and
• Security Configuration Tool (SCT): All versions prior to V5.0

PROFINET Update 2


This update provides additional information on the advisory that was originally published on May 9th, 2017. The update provides new information on the affected version of and links to the updates for:

• SCALANCE X300, X408: All versions prior to V4.1.0;
• X414 (not previously listed): All versions prior to V3.10.2;
• SITOP PSU8600 PROFINET: All versions prior to V1.2.0,
• SITOP UPS1600 PROFINET (not previously listed): All versions prior to V2.2;
• SIMATIC S7-400 including F and H: All versions prior to V8.2;

SIMATIC Update


This update provides additional information on the advisory that was originally published on February 14th, 2017. The update provides new information on the affected version:

• SIMATIC WinCC: All versions prior to V7.4 SP1; and
• SIMATIC WinCC Runtime Professional: All versions prior to V14 SP1,
The previously published mitigation measure (SIMATIC Logon V1.5 SP3 Update 2) will work on these products as well.

SICAM PAS Update

This update provides additional information on the advisory that was originally published on December 1st, 2016. The update provides updated version information and the announcement that the newest version of the software fixes all of the reported vulnerabilities. There is no indication that the researchers have verified the efficacy of the fix.

DROWN Update


This update provides additional information on the advisory that was originally published on April 12th, 2016 and subsequently updated on February 28th, 2017. The new update provides updated affected version information for:

• SCALANCE X300 family: All versions prior to V4.1.0,
• SCALANCE X414: All versions prior to V3.10.2,
• SCALANCE X200 RNA family: All versions prior to V3.2.5, and
• ROX I: All versions not using the mitigations listed in SSA-327980 (Siemens link).

Additionally, the update also provides new mitigation information for:

• SCALANCE X300 family;
• SCALANCE X414; and
• ROX I

Missing Siemens Advisories and Updates



The updates published today address five of the six ‘missing updates’ that I discussed on Tuesday. The still missing update is for the Siemens SPIROTEC products; SSA-732541, originally ICSA-15-202-01. I still have not seen the Siemens WannaCry updates that I mentioned on Monday being reported by ICS-CERT. Of course, ICS-CERT could have been waiting for the two new WannaCry updates Siemens announced today (here and here).

No comments:

 
/* Use this with templates/template-twocol.html */