Review – 3 Advisories and 4 Updates Published

Today, CISA’s NCCIC-ICS published three control system security advisories for products from ICONICS, mySCADA, and Johnson Controls. They also updated advisories for products from Johnson Controls.

Advisories

ICONICS Advisory - This advisory discusses five vulnerabilities (one with known exploit) in the ICONICS product suite.

mySCADA Advisory - This advisory describes a use of hard-coded credentials vulnerability in the mySCADA myPRO product.

Johnson Controls Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Johnson Controls Kantech KT series door controllers.

Updates

Johnson Controls Update #1 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls Update #2 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls update #3 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls Update #4 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

 

For more information on these advisories, including links to 3^rd party advisories, exploits, and a brief look at the timing of the Johnson Controls updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-4-updates-published-026 - subscription required.

Short Takes – 7-2-24 – Space Geek Edition

Astronauts Are Not Stuck on the I.S.S., NASA and Boeing Officials Say. NYTimes.com article. Pull quote: ““I think they’re doing their due diligence,” Wayne Hale, a retired NASA flight director, said in an interview. “Being in no hurry to come home, it makes a great deal of sense to take the time to gather as much information as possible so that they can make sure that the problems are all fixed. That makes a great deal of sense, to take your time.””

If alien life exists on Europa, we may find it in hydrothermal vents. LiveScience.com article. Pull quote: “They found that not only could moderately warm vents be maintained over a wide range of conditions on these moons, but that the low gravity allowed for warmer temperatures emanating from the vents. In addition, the low efficiency of heat extraction from the core of the moons (which are thought to be pretty cool in the first place) in the low gravity would allow such moderate- to low-temperature vents to be maintained for possibly billions of years.”

NASA's ISS Spacesuit Situation Turns Grim. Gizmodo.com article. Pull quote: “In a report released in January 2019, NASA’s Aerospace Safety Advisory Panel reviewed the increasing challenges of the spacesuits. “It is an undeniable fact that the 40-year-old EMUs used in ISS operations are reaching the end of their useful life,” the report read. “NASA cannot maintain the necessary, ongoing low-Earth orbit operations without fully functional EVA suits.””

Turion wins Space Force contract for debris-capture technology. SpaceNews.com article. Pull quote: “While Turion’s long-term goal is to provide a debris removal service, the company is currently focused on hosting space domain awareness payloads to generate steady revenue. Turion plans to offer three payload hosting options: Droid Alpha Mini, Droid Alpha, and Droid Alpha Enhanced Mobility with ion thrusters.”

Technical failures leave Starliner crew 'not stranded' on ISS indefinitely. NewAtlas.com article. Pull quote: “Boeing says that there is a "parallel path" for the next Starliner flight in February 2025, though how this will happen without certification hasn't been explained. That means that the only choices are a Russian Soyuz or a SpaceX Dragon. The former would be a major international embarrassment that the United States would rather avoid, especially in an election year, while the latter would see Boeing dining out on crow for the foreseeable future.

Orbit Fab completes ground test of satellite fueling payload. SpaceNews.com article. Pull quote: “Speaking at the recent “State of the Space Industrial Base” conference in Albuquerque, Roth emphasized the importance of on-orbit refueling. “We want to get those technologies on orbit, test them out in an operational environment, and hedge our bets because we don’t know which one will work, and which one will work better than the other,” Roth said, referring to Orbit Fab’s and Northrop Grumman’s refueling hardware.”

Short Takes – 7-1-24

Honeywell sees space opportunity with $1.9 billion CAES acquisition. SpaceNews.com article. Pull quote: “Honeywell, which is helping qualify satellite laser communications terminals for the Pentagon’s Space Development Agency, is present in multiple markets, including aviation and energy. The group reported $36.7 billion in revenue for 2023.”

NASA and SpaceX misjudged the risks from reentering space junk. ArsTechnica.com article. Pull quote: “"During its initial design, the Dragon spacecraft trunk was evaluated for reentry breakup and was predicted to burn up fully," NASA said in a statement. "The information from the debris recovery provides an opportunity for teams to improve debris modeling. NASA and SpaceX will continue exploring additional solutions as we learn from the discovered debris."”

DISA grapples with mounting ‘technology debt’ amid evolving cyber threats. BreakingDefense.com article. Pull quote: ““Let’s continue to still have clear resources on legacy [systems] to make sure that they’re secure and defending our DODIN [DoD Information Network], but in the meantime, also rushing to the horizon to say now, ‘How do we move off of this so we can do better?’ So we can free up capacity and resources to be able to do the things that our warfighters need.””

Chinese Rocket Accidentally Launches During Test, Then Crashes. NYTimes.com article. Pull quote: ““Multiple things probably would have had to go wrong for this failure to happen the way it did,” Dr. Tucker said, adding that although China’s national space program was advanced, its commercial space industry is fairly young.”

Review - S 4045 Reported in Senate – E Palestine Health Study

Last month, the Senate Health, Education, Labor and Pensions Committee ordered S 4045, the East Palestine Health Impact Monitoring Act of 2024, reported favorably without a report. The Committee met on May 23^rd, 2024 and adopted substitute language for the bill. The reported version of the bill is a significant rewrite of the legislation, changing study responsibility requirements, timelines, and funding. The bill is now cleared for potential action by the full Senate.

Moving Forward

This bill is now cleared for potential action by the full Senate. Normally, I would say that this bill is not politically important enough to take up the time of the Senate, but I suspect that this bill could be considered as a stand in for taking action on hazmat rail shipments issues that were highlighted by the E. Palestine train derailment. Railroad are fighting those rail safety bills hard but would have little objection to this bill. Still, I would expect that the leadership would try to pass this by unanimous consent.

 

For more details about the changes made in the reported version of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4045-reported-in-senate - subscription required.

Review - S 4443 Report Published – FY 2025 Intel Authorization

After initially ordering S 4443, the Intelligence Authorization Act for Fiscal Year 2025, reported without a written report, the Senate Intelligence Committee published their report on the bill. In addition to providing summaries of the requirements of various sections of the bill, the report provides two additional discussions about cybersecurity related topics.

Moving Forward

As with most authorization bills, the Senate is not expected to take up S 4111, rather they will take up the House bill (HR 8512) which as just recently reported. The Senate will take up the House passed language of that bill and immediately off the language from S 4111 as substitute language for the purpose of the debate in the Senate. A conference committee will subsequently iron out the differences between the two versions of the legislation.

 

For more details about the two new cybersecurity discussions, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4443-report-published - subscription required.

Review – Public ICS Disclosures – Week of 6-22-24 – Part 2

For Part 2 we have two more vendor disclosures from WatchGuard (2). There are also 23 vendor updates from Hitachi Energy, HP (2), HPE (19), and Moxa. Finally, we have four researcher reports describing vulnerabilities in products from Emerson, Plug&Track, Siemens, and TP-Link.

Advisories

WatchGuard Advisory #1 - WatchGuard published an advisory that describes a privilege escalation vulnerability in their Mobile VPN product.

WatchGuard Advisory #2 - WatchGuard published an advisory that describes a buffer overflow vulnerability in their Fireware OS product.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their IEDConnectivity Packages advisory that was originally published on November 15^th, 2022.

HP Update #1 - HP published an update for their AMD SPI Lock Bypass advisory that was originally published on June 11^th, 2024 and most recently updated on June 18^th, 2024.

HP Update #2 - HP published an update for their Plantronics Hub advisory that was originally published on December 20^th, 2023 and most recently updated on May 10^th, 2024.

HPE Updates - HPE continued updating older Aruba advisories to their HPE format, updating 19 advisories this week.

Moxa Advisory - Moxa published an update for their AWK-3131A Series that was originally published on February 24^th, 2020 and most recently updated on June 3^rd, 2020.

Researcher Report

Emerson Report - Claroty published a report describing four vulnerabilities in the Emerson Rosemount 370XA gas chromatograph.

Plug&Track Report - Nozomi Networks published a report that describes seven vulnerabilities in products from Plug&Track.

Siemens Report - SEC Consult published a report describing three vulnerabilities in the Siemens CP-8XXX Power Automation Products.

TP-Link Report - Talos Intelligence published a report that describes an active debug code in the TP-Link ER7206 Omada Gigabit VPN Router.

 

For more information about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-746 - subscription required.

Chemical Incident Reporting – Week of 6-22-24

NOTE: See here for series background.

Buckeye, AZ – 6-21-24

Local news reports: Here, here, here, and here.

Nitric acid spill during truck loading operations, 200-gal spilled. No injuries or damage were reported.

Not CSB reportable.

Elizabethtown, Ky – 6-25-24

Local news reports: Here, here, and here.

A employee was found dead inside a full chemical storage tank at a car parts manufacturing facility.

Probably not a CSB reportable, unless vapor emissions from the tank caused the individual to fall into the tank.

TRION, Ga – 6-26-24

Local news reports: Here, here, here, and here.

A truck carrying anhydrous ammonia developed leak in transit. Local evacuations, but no injuries or damages reported

Not CSB reportable – would be an NTSB incident.

Matteson, IL – 6-27-24

Local news reports: Here, here, and here.

A train derailment caused leaks of liquified petroleum gas from railcar containing residual materials. No injuries reported. Limited evacuation order still in place.

Not CSB reportable – would be an NTSB incident.