Today the DHS published five control system security advisories
for products from ProMinent, WECON, Envitech, NXP Semiconductor, and Siemens.
They also updated a previously published control system security advisory for
products from Marel Food Processing Systems.
Siemens Advisory
This advisory describes two vulnerabilities in the Siemens BACnet Field Panels. The
vulnerabilities are self-reported. Siemens has developed a new firmware version
that mitigates the vulnerabilities.
The two reported vulnerabilities are:
• Authentication bypass using an alternate path or channel - CVE-2017-9946; and
• Path traversal - CVE-2017-9947
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow unauthenticated attackers
with access to the integrated webserver to download sensitive information. The
Siemens security advisory notes that the first vulnerability requires network
access to exploit.
NXP Advisory
This advisory describes two vulnerabilities in the NXP MQX real time operating
system (RTOS). The vulnerabilities were reported by Scott Gayou. ICS-CERT reports
that NXP intends to issue a new version in January to mitigate the vulnerabilities.
NXP provides a workaround for the first vulnerability in the latest version (the
second does not exist in that version) and recommends that users upgrade to that
newer version pending the January update.
The two reported vulnerabilities are:
• Classic buffer overflow - CVE-2017-12718; and
• Out-of-bounds read - CVE-2017-12722
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit the vulnerabilities to cause a buffer overflow condition
that may, in turn, cause remote code execution or out-of-bounds read
conditions, resulting in a denial of service.
Envitech Advisory
This advisory describes an improper authentication vulnerability in the Envitech EnviDAS
Ultimate web application. The vulnerability was reported by Can Demirel and
Deniz Çevik of Biznet Bilisim. Envitech has a new version that mitigates the
vulnerability. ICS-CERT reports that the researchers have verified the efficacy
of the fix.
ICS-CERT reports that a relatively low-skilled attacker could
remotely exploit the vulnerability to view and edit settings without
authenticating and execute code remotely.
WECON Advisory
This advisory describes a stack-based buffer overflow vulnerability in the WECON LeviStudio
HMI Editor. The vulnerability was reported by Andrea “rgod” Micalizzi, working
with iDefense Labs. WECON has developed a new version that mitigates the
vulnerability. There is no indication that Micalizzi was provided an
opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit the vulnerability to effect a denial of service and
arbitrary code execution.
ProMinent Advisory
This advisory describes multiple vulnerabilities in the ProMinent MultiFLEX M10a Controller.
The vulnerabilities were reported by Maxim Rupp. ICS-CERT reports that
ProMinent has not mitigated the vulnerabilities.
The reported vulnerabilities are:
• Client-side enforcement of server-side security - CVE-2017-14013;
• Insufficient session expiration - CVE-2017-14007;
• Cross-site request forgery - CVE-2017-14011;
• Information exposure - CVE-2017-14009; and
• Unverified password change - CVE-2017-14005
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit the vulnerabilities to bypass protection mechanisms, assume the
identity of authenticated users, and change the device configuration.
Marel Update
This update provides additional information on an advisory originally
published on April 4th, 2017 and updated on August 17th. This update
provides information on the firewall update for the Pluto platform that
Marel has released.
The advisory still states that “Marel has created an update
for Pluto-based applications, which was scheduled for release in October, 2017.
This update will restrict remote access by implementing SSH authentication”.