Today the DHS ICS-CERT published two new control system security
advisories for products from JanTek and Lava Computer MFG. They also updated
five previously published control system security advisories from GE and
Siemens (4).
JanTek Advisory
This advisory describes two vulnerabilities in the JanTek JTC-200 TCP/IP
converter. The vulnerabilities were reported by Karn Ganeshen. JanTek will not
fix the vulnerabilities as a replacement product is expected later this year.
The two reported vulnerabilities are:
• Cross-site request forgery - CVE-2017-5789; and
• Improper authentication - CVE-2017-5791
ICS-CERT reports that a relatively low-skilled attacker could use a publicly
available exploit to remotely exploit the vulnerabilities to achieve remote
code execution on the device with elevated privileges.
Lava Advisory
This advisory
describes an authentication bypass spoofing vulnerability in the Lava Ether-Serial
Link. The vulnerability was reported by Maxim Rupp. ICS-CERT reports that Lava
Computer MFG has not responded to requests to work with ICS-CERT on this
reported vulnerability.
ICS-CERT reports that a relatively low-skilled attacker with uncharacterized
access could exploit the vulnerability to spoof the IP address of an
authenticated user, assume the authenticated user’s identity, and gain
privileges or access to the system.
GE Update
This update
provides additional information on an advisory that was originally
published on October 5th, 2017. The new information includes a
link to a new version that mitigates the vulnerability. There is no indication
that the researcher reporting the vulnerability was provided an opportunity to
verify the efficacy of the fix.
Ruggedcom Update
This update
provides additional information on an advisory that was originally
published on September 28th, 2017. The new information is a new
link for contacting Siemens about the firmware update that mitigates the
vulnerability.
SIPROTEC Update
This update provides additional information on an advisory that was originally
published on July 6th, 2017, and updated on July 18th and again on July 28th.
The new information includes updated affected version information (and
firmware update information) for:
• Firmware variant Modbus TCP: All versions prior to V1.11.00;
• SIPROTEC 7SJ66: All versions prior to V4.20;
• SIPROTEC 7SJ686: All versions prior to V4.83;
• SIPROTEC 7SD686: All versions prior to V4.03
PROFINET 1 Update
This update provides additional information on an advisory that was originally
published on May 9th, 2017 and updated on June 15th, 2017, on June 20th, 2017,
on July 6th, 2017, on July 25th, 2017 and again on August 17th, 2017. The
update provides new affected version information and mitigation links for
SIMATIC WinCC:
• V7.2 and prior: All versions
• V7.3: All versions prior to V7.3 Update 15
• V7.4: All versions prior to V7.4 SP1 Upd1
PROFINET 2 Update
This update provides additional information on an advisory that was originally
published on May 9th, 2017 and updated on June 15, 2017, on July 25th, 2017
and again on August 17th, 2017. The update provides new affected version
information and mitigation links for:
• SIMATIC CP 1243-1 and CP 1243-1 IRC: All versions prior to V2.1.82;
• SIMATIC CP 1243-1 IEC: All versions;
• SIMATIC CP 1243-1 DNP3: All versions;
• SCALANCE M-800, S615: All versions prior to V04.03;
• SINAMICS DCM: All versions prior to V1.4 SP1 HF5