Today the DHS ICS-CERT published advisories for multiple
vulnerabilities in three separate products from Siemens: Scalance, WinCC and COMOS. While
the vulnerabilities in WinCC were reported by Alexander Tlyapov of Positive
Technologies, the remaining vulnerabilities were identified internally.
Multiple Vulnerabilities
The vulnerabilities include (Note: links on product names
are to the respective Siemens ProductCERT report):
Scalance –
WinCC –
• SQL injection: CVE-2013-3957;
• Hard-coded credentials: CVE-2013-3958;
• Forced browsing: CVE-2013-3959; and
COMOS –
• Permissions, privileges, and access controls: CVE-2013-3927
Exploitability
ICS-CERT reports that a relatively low-skilled attacker
could exploit these vulnerabilities. The Scalance and WinCC vulnerabilities
could be exploited remotely, but the COMOS vulnerability requires local access by
an authenticated user. The Scalance vulnerabilities would allow an attacker to
execute arbitrary commands. The WinCC vulnerabilities could allow an attacker
to gain full system access. The COMOS vulnerability would allow an attacker to
gain full access to information stored in the COMOS library.
Mitigation
Software updates have been developed by Siemens for all
three products. Siemens ProductCERT has verified that the modifications
mitigate the vulnerabilities (Note: I would have been happier to hear that Alexander
Tlyapov had been asked to validate the WinCC update). The updates can be found
at the links listed below:
• Scalance;
• WinCC; and
• COMOS
Delayed Notification
The Siemens ProductCERT web page provides data on when
these vulnerabilities were published by that organization (Scalance 5-24-13;
WinCC 6-14-13; and COMOS 6-18-13). The same-day publication of the COMOS
vulnerability by ICS-CERT is pretty impressive; the three-week delay for the
Scalance program is not so much.