Today the DHS ICS-CERT updated a Yokogawa advisory from last month and issued a new advisory for other Yokogawa products. The new advisory is the result of a self-disclosure from Yokogawa based upon research being conducted in support of fixing the earlier advisory. This is the type of proactive vendor action that industry should demand from vendors, particularly when the equipment is used in critical infrastructure facilities.
Updated Advisory
This update addresses new information developed during response to the original advisory published last month. This new information includes:
• Removing one of the ports that the original reports indicated was being monitored by CENTUM’s BKHOdeq.exe service;
• Adding a new stack-based buffer overflow vulnerability; and
• Reporting an even newer set of patches to deal with the identified vulnerabilities.
New Advisory
This new advisory is based, in part, on the vulnerabilities reported earlier by Juan Vazquez of Rapid7 Inc. There is a lengthy list of Yokogawa products to which the new advisory applies. There are currently three stack-based buffer overflow vulnerabilities and a heap-based buffer overflow vulnerability described in this advisory:
• Heap-based overflow for “BKCLogSvr.exe” service, CVE-2014-0781 (Operation Logging Process);
• Stack-based overflow for “BKESimmgr.exe” service, CVE-2014-0782 (Project Equalization Process);
• Stack-based overflow for “BKHOdeq.exe” service, CVE-2014-0783 (Batch Management Process); and
• Stack-based overflow for “BKBCopyD.exe” service, CVE-2014-0784 (Simulator Management Process in the Expanded Test Functions).
These are the same services and CVE numbers listed in the previous advisory, just now extended to the new line of products. The descriptions listed in parentheses above come from Yokogawa’s advisory, which covers both of the ICS-CERT advisories being reported in this post.