ICS-CERT Publishes 2 Advisories and 3 Updates

Yesterday the DHS ICS-CERT published two control system security updates for products from Geovap and Siemens. They also updated three previously published control system security advisories, all for products from Siemens.

Geovap Advisory

This advisory describes a cross-site scripting vulnerability in the Geovap Reliance SCADA software management platform. The vulnerability was reported by Can Demirel. Geovap has released a new version that mitigates the vulnerability. There is no indication that Demirel has been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit this vulnerability to inject arbitrary JavaScript in a specially crafted URL request that may allow for read/write access.

NOTE: The Geovap update notes for this new version would seem to indicate that they also fixed one or more vulnerabilities in the Reliance Smart Client.

Siemens Advisory

This advisory describes multiple vulnerabilities in the Siemens SWT 3000 Teleprotection system. The vulnerabilities are self-reported. Siemens has produced updated firmware that mitigates the vulnerability.

The reported vulnerabilities are:

• Improper authentication (2) - CVE-2016-4784, CVE-2016-4785;

• Authentication bypass using an alternate path or channel (2) - CVE-2016-4785, CVE-2016-7114; and

• Improper input validation - CVE-2016-7113

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to perform a denial-of-service attack. The Siemens security advisory notes that network access to the devices is required for exploitation.

OPC/UA Update

This update provides new information on an advisory that was originally published on 8-31-17 and updated on October 3^rd, 2017. The update provides new version information and mitigation measures for:

• SIMATIC IT Production Suite: Versions between V6.5 and V7.1

SIPROTEC Update

This update provides new information on an advisory that was originally published on July 6^th, 2017, and updated on July 18^th, on July 28^th, and then again on October 10^th. The update provides new version information and mitigation measures for:

• SIPROTEC 7SD686: All versions prior V4.05

The Siemens updated security advisory explains why there are two separate affected versions for SIPROTEC 7SD686. Versions before 4.05 are affected by vulnerability #6 and versions before 4.03 are also affected by vulnerability #2.

SIMATIC Update

This update provides new information on an advisory that was originally published on February 14^th, 2017 and updated on June 15^th,  and again on July 6^th. The update provides new version information and mitigation measures for:

• SIMATIC IT: All versions prior to V7.1