Review – 2 Advisories Published – 10-15-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Schneider Electric and Siemens.

Advisories

Schneider Advisory - This advisory describes two vulnerabilities in the Schneider Data Center Expert product.

Siemens Advisory - This advisory discusses a classic buffer overflow vulnerability in their Siveillance Video Device Pack.

 

For more information on these advisories, including a down-the-rabbit-hole look at 3^rd party vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-10-15-24 - subscription required.

Review - HR 9769 Introduced – Chinese Cyber Threats

Last month, Rep Lee (R,FL) introduced HR 9769, the Strengthening Cyber Resilience Against State-Sponsored Threats Act. The bill would require CISA to establish an interagency task force to “detect, analyze, and respond to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China”. The task force would submit annual classified reports to Congress. No new funding is authorized by this legislation.

Moving Forward

On September 25^th, the House Homeland Security Committee conducted a business meeting where twenty pieces of legislation were considered. Among them was HR 9769, which was passed by a voice vote. This means that there is substantial bipartisan support for the bill. This will probably clear the way for the bill to be considered by the full House under the suspension of the rules process; limiting debate, prohibiting floor amendments and requiring a super majority vote for passage.

Commentary

There is no mention of the intelligence community in either the composition of the task force or provision of intelligence information in support of the Task Force’s information collection. While CISA and the FBI will have some internally developed information on the topic of Chinese cybersecurity threats, the bulk (and widest scope) of such information will be held by the intelligence community. I suspect that this was deliberately overlooked by the crafters of the bill to avoid sharing congressional oversight with (or even surrendering it to) the House Intelligence Committee.

 

For more information on the provisions of this bill, including some additional commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-9769-introduced - subscription required.

Short Takes – 10-14-24 – Space Geek Edition

NASA “really looking forward” to next Starship test flight. SpaceNews.com article. Pull quote: “NASA’s interest in Starship is linked to its use as a lunar lander for the agency’s Human Landing System (HLS) program, with the lander planned for use on the Artemis 3 mission. “There’s no doubt that the Human Landing System is the critical path for Artemis 3,” she [Lori Glaze, acting deputy associate administrator in NASA’s exploration directorate] said.”

SpaceX launches fifth Starship, catches Super Heavy booster. SpaceNews.com article. Pull quote: “The license does allow SpaceX to conduct at least one more launch, called Flight 6, using the same profile without obtaining another authorization from the FAA. “The SpaceX Starship/Super Heavy Flight 5 license authorization also includes FAA approval of the Flight 6 mission profile,” the agency stated. “The FAA determined the changes requested by SpaceX for Flight 6 are within the scope of what has been previously analyzed.” The agency didn’t state what those changes were.”

SpaceX Advances Starship Program With a Launch and a Catch. NYTimes.com article (free). Pull quote: “The air pressure [from sonic booms], the F.A.A. said in a report made public Saturday, would be nearly strong enough to potentially cause minor damage to older plaster on homes not far from the launch site.”

Secretive X-37B Spaceplane To Use Aerobraking Maneuvers To Rapidly Change Orbit.TWZ.com article. Pull quote: “It “can do an orbit that looks like an egg and, when it’s close to the Earth, it’s close enough to the atmosphere to turn where it is,” then-Secretary of the Air Force Heather Wilson said at the annual Aspen Security Forum in 2019. “Which means our adversaries don’t know – and that happens on the far side of the Earth from our adversaries – where it’s going to come up next. And we know that that drives them nuts. And I’m really glad about that.””

Electric Propulsion Pioneer Morpheus Space Unveils Enhanced ‘JOURNEY’ Satellite Tracking Analytics Platform. TheDebrief.com article. Pull quote: “Specifically, JOURNEY will provide its customers with unprecedented information about the satellite throughout its mission lifetime. These enhancements include more data to improve ground station connection and target collection windows, reduce satellite-to-ground station communication gaps, and better analytics on satellite-to-ground station data transfer rates. Offering improvements in these areas will allow current and future customers to refine mission strategies with a significant upgrade in mission-specific information, all in the hopes of reducing costs and increasing the value of each mission.”

Space: Traffic Control In Orbital Space. StategyPage.com article. Pull quote: “More mobile satellites with robotic arms are a welcome new development because they can be used to inspect satellites in trouble and help diagnose the problem and perhaps fix it. Chinese and Russian satellites similar to SJ-21 have already been spotted getting close to satellites belonging to other nations and, in some cases, apparently practicing disabling them. That was not unexpected. While these movement and inspection satellites have a wartime use to disable enemy satellites, the more immediate problem is managing and eventually eliminating a lot of the man-made debris in orbit. The only way to destroy this stuff is to use another satellite to push it close enough to earth for low density atmospheric friction to drag it lower for increasingly higher density atmospheric friction to burn it up. This does not work with the majority of space debris, which is too small to track from earth and too numerous to collect and send into the atmosphere.”

Is life possible on a Jupiter moon? NASA goes to investigate. Phys.org article. Pull quote: “If our solar system turns out to be home to two habitable worlds (Europa and Earth), "think of what that means when you extend that result to the billions and billions of other solar systems in this galaxy," said Niebur, the Europa Clipper program scientist.”

Reader Comment – Missing Link

Last night Brandon left a comment on my Saturday ‘Short Takes’ post. He reported that “the poppy seed item is missing the link to the article.” The whole point of this series of posts is sharing information with my readers. While the post includes brief extracts from the articles listed, the intent is to provide readers with links to the underlying articles. Thanks to Brandon, I have gone back and added the necessary links to this article. While I do not like admitting my mistakes any more than most folks, I do appreciate sharp-eyed readers helping me stay on the editorial straight and narrow.

Review – Public ICS Disclosures – Week of 10-5-24 – Part 2

For Part 2 we have six additional vendor disclosures from SonicWall, Supermicro, VMware (2), and Wireshark (2). There are also 22 vendor updates from FortiGuard, HP, HPE, Schneider, and Siemens (18). There are also ten researcher reports on vulnerabilities in products from ABB. Finally, we have two exploits for products from Hikvision and Palo Alto Networks.

Advisories

SonicWall Advisory - SonicWall published an advisory that describes three vulnerabilities in their SMA1000 Connect Tunnel Windows Client.

Supermicro Advisory - Supermicro published an advisory that discusses the Terrapin-Attack vulnerability.

VMware Advisory #1 - Broadcom published an advisory that describes three vulnerabilities in the VMware Cloud Foundation and VMware NSX products.

VMware Advisory #2 - Broadcom published an advisory that describes two vulnerabilities in the VMware Avi Load Balancer.

Wireshark Advisory #1 - Wireshark published an advisory that describes a missing initialization of a variable vulnerability in their ITS dissector.

Wireshark Advisory #2 - Wireshark published an advisory that describes an improper handling of missing values vulnerability in their AppleTalk and Reload framing dissectors.

Updates

FortiGuard Update #1 - FortiGuard published an update for their Buffer overflow in fgfmd advisory that was originally published on June 11^th, 2024.

HP Update - HP published an update for their AMD Graphics Driver advisory that was originally published on August 13^th, 2024.

HPE Update - HP published an update for their Blast-Radius advisory that was originally published on July 9^th, 2024, and most recently updated on August 30^th, 2024.

Schneider Update - Schneider published an update for their Modicon M340 Controller advisory that was originally published on April 12^th, 2024, and most recently updated on February 14^th, 2023.

Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12^th, 2023, and most recently updated on September 10^th, 2024.

Siemens Update #2 - Siemens published an update for their Industrial Products advisory that was originally published on May 14^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #3 - Siemens published an update for their LOGO! 8 BM Devices advisory that was originally published on October 11^th, 2022, and most recently updated on September 10^th, 2024.

Siemens Update #4 - Siemens published an update for their LOGO! V8.3 BM Devices advisory that was originally published on August 13^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #5 - Siemens published an update for their LOGO! V8.3 BM Devices advisory that was originally published on December 12^th, 2023, and most recently updated on September 9^th, 2024.

Siemens Update #6 - Siemens published an update for their LOGO! 8 BM advisory that was originally published on March 9^th, 2021, and most recently updated on September 10^th, 2024.

Siemens Update #7 - Siemens published an update for their OPC UA Implementations advisory that was originally published on September 12^th, 2023, and most recently updated on July 9^th, 2024.

Siemens Update #8 - Siemens published an update for their RUGGEDCOM APE1808 Devices advisory that was originally published on July 9^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #9 - Siemens published an update for their SIMATIC SCADA and PCS 7 systems advisory that was originally published on September 10^th, 2024.

Siemens Update #10 - Siemens published an update for their NUCLEUS:13 advisory that was originally on December 14^th, 2021, and most recently updated on November 8^th, 2022.

Siemens Update #11 - Siemens published an update for their RUGGEDCOM APE1808 Devices advisory that was originally published on April 9^th, 2024, and most recently updated on September 10^th, 2024.

Siemens Update #12 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12^th, 2023, and most recently updated on August 13^th, 2024.

Siemens Update #13 - Siemens published an update for their RUGGEDCOM APE1808 Devices that was originally published on March 12^th, 2024.

Siemens Update #14 - Siemens published an update for their RUGGEDCOM APE1808 Devices advisory that was originally published on July 9^th, 2024, and most recently updated on August 13^th, 2024.

Siemens Update #15 - Siemens published an update for their OPC Foundation Local Discovery Server advisory that was originally published on May 10^th, 2022, most recently updated on April 11^th, 2023.

Siemens Update #16 - Siemens published an update for their Mendix Runtime advisory that was originally published on March 8^th, 2022, and most recently updated on May 14^th, 2024.

Siemens Update #17 - Siemens published an update for their User Management Component advisory that was originally published on September 10^th, 2024.

Researcher Reports

ABB Reports - Zero Science published ten reports about vulnerabilities (exploits are available) in the ABB Cylon Aspect building energy management system.

Exploits

Hikvision Exploit - Indoushka published an exploit for a cross-site request forgery in the Hikvision IP Cameras.

Palo Alto Networks Exploit - Johannes Greil and Michael Baer published an exploit for a privilege escalation vulnerability in the Palo Alto Networks GlobalProtect product.

 

For more information on these disclosures, including links to researcher reports, and exploits, as well as brief descriptions of changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-5bd - subscription required.

Short Takes – 10-12-24

SpaceX gets approval for Starship launch amid standoff with FAA. CNN.com article.  Pull quote: “The goal for each milestone is to hash out how SpaceX might one day recover and rapidly refly Super Heavy boosters and Starship spacecraft for future missions. Quickly reusing rocket parts is considered essential to SpaceX’s goal of drastically reducing the time and cost of getting cargo — or ships of people — to Earth’s orbit and deep space.” Launch scheduled for 8:00 to 9:00 am EDT Sunday.

FAA clears SpaceX to resume Falcon 9 rocket launches. Space.com article. Pull quote: “"The FAA notified SpaceX on Oct. 11 that the Falcon 9 vehicle is authorized to return to regular flight operations," agency officials said in an emailed statement on Friday afternoon. "The FAA reviewed and accepted the SpaceX-led investigation findings and corrective actions for the mishap that occurred with the Crew-9 mission (Sept. 28)."”

Federal personnel are facing threats during hurricane response, DHS chief warns. GovExec.com article. Pull quote: ““Falsehoods around hurricane response have spawned credible threats and incitement to violence directed at the federal government,” ISD said. “This includes calls to send militias to face down FEMA for the perceived denial of aid, and that individuals would ‘shoot’ FEMA officials and the agency’s emergency responders.””

Mars Missions May Be Blocked by Kidney Stones. ScientificAmerican.com article. Pull quote: “Healthy kidneys filter blood to balance the body’s water, salts and minerals, expelling waste as urine. When this process goes awry, painful kidney stones—hard accumulations of salts and materials such as calcium—can form in this essential organ. Researchers have theorized that astronauts are prone to kidney stones because bones degrade faster in microgravity, increasing calcium levels in the blood. But these stones’ surprising frequency among space travelers even years after they return to Earth suggests other factors are involved.”

Poppy Seed Tea Can Trigger a Morphine Overdose. ScientificAmerican.com article. [Added reference and link - 10-13-24 9:24 EDT] Pull quote: “Steve Hacala’s son, Stephen Hacala, a music teacher, had been experiencing anxiety and insomnia, for which poppy seed tea is promoted as a natural remedy, the lawsuit said. In 2016, at age 24, he ordered a bag of poppy seeds online, rinsed them with water, and consumed the rinse. He died of morphine poisoning.” Some urban legends have at least some basis in fact.

An Autonomous Unmanned Aerial System Inspection Platform for High-Efficiency 3D Pipeline/Route Modeling/Change-Detection and Gas Leak Detection-Localization. Primus.PHMSA.DOT.gov final report. From abstract: “In this project, an autonomous UAS inspection platform is proposed to address these line-of-sight and complex 3D surface-follow issues. The developed platform can be used for inspecting both oil and gas pipelines and tanks. The platform has four primary modules, each designed for a key system function: (1) PIDMIM for inspection data management, integration and visualization; (2) CPP for autonomous 3D UAS inspectionpath planning and control; (3) PCIQ for identification and quantification of 3D profile changes of pipeline and/or route; (4) PLDM for automated gas leak detection and localization.”

Chemical Incident Reporting – Week of 10-5-24

NOTE: See here for series background.

Temple, TX – 10-1-24

Local News Reports: Here, here, and here.

There was an induction-furnace steam-explosion that caused a fire at a manufacturing facility. Five employees were transported to the hospital with severe, not life-threatening, burns. At least one of the employees was admitted to the burn unit.

CBS Reportable.

Deer Park, TX – 10-10-24

Local News Reports: Here, here, and here.

There was a hydrogen sulfide leak at a refinery during maintenance operations. A shelter in place warning was issued for the surrounding communities. There are reports of two dead and 35 people treated at the scene or transported to the hospital for treatment.

CSB Reportable. CSB has an investigation team on site.