Saturday, November 4, 2017

Public ICS Disclosure – Week of 10-29-17

This week Karn Ganeshen provided proof of concept (POC) information on three previously published ICS-CERT vulnerabilities and Joel Langill provided a link to an ABB KRACK advisory.

POC Information


Karn continues to use the FullDisclosure web site to provide additional information about control system vulnerabilities that he has previously disclosed through the DHS ICS-CERT. This week he has provided POC information on the following control system vulnerabilities:

Progea Movicon SCADA/HMI – earlier reported here (there was no mention of publicly available POC in the ICS-CERT advisory);
JanTek JTC-200 – earlier reported here (publicly available POC was mentioned in ICS-CERT advisory); and
SpiderControl SCADA Web Server – earlier reported here (there was no mention of publicly available POC in the ICS-CERT advisory)

Based upon past experience, I do not expect ICS-CERT to update their vulnerability reports to reflect the fact that POC information is now available. Given the fact that ICS-CERT has reported that relatively low skilled attackers could exploit these vulnerabilities, I think that it is important that owners of these systems have this information available to help them appropriately assess the risks to their systems.

KRACK Vulnerability


Joel’s post on LinkedIn pointed at a cybersecurity advisory from ABB for their ABB TropOS wireless mesh products concerning the WPA2 Key Reinstallation Vulnerabilities (also known as the Key Reinstallation Attack – KRACK).

As I pointed out in the resulting LinkedIn conversation, this is the second vendor specific advisory on the KRACK vulnerability. Unlike the earlier report, ABB includes 7 of the 10 CVEs found in the KRACK report, indicating that they have probably reviewed all 10 of the vulnerabilities in their system.


I continue to be disappointed in ICS-CERT for not having published a control system alert for the KRACK problem since these vulnerabilities will affect almost all ICS products that use WPA2 security for wireless communications in their control system products.
