ICS-CERT Updates 2 Siemens Advisories and Publishes 3 New Advisories

Today the DHS ICS-CERT updated two advisories for Siemens products from earlier this year and then published three new advisories for products from Siemens, Innominate mGuard and Moxa.

SIMATIC HMI Update

This update is for an advisory originally published in April and updated in April and July. This adds additional clarification as to the versions of the previously listed products are affected. Similarly the update provisions have been updated. It also added update instructions for TIA V12 SP1 devices and WinCC V7.2.

SIMATIC STEP 7 TIA Portal Update

This update is for an advisory originally published in February. This adds additional clarification as to the versions of the previously listed products are affected. An update has been added for SIMATIC STEP 7 (TIA Portal) V12 SP1.

Innominate mGuard Advisory

This advisory describes a denial-of-service (DoS) vulnerability in the Innominate mGuard device. This vulnerability has bee self-reported. Innominate has produced a firmware patch to mitigate this vulnerability.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to cause a temporary DoS condition in the VPN daemon on the device. Innominate reports that a successful authentication via X.509 certificate or PreShared Secret Key is required to exploit the vulnerability.

Siemens SIMATIC S7-1200 Advisory

This advisory describes a cross-site request forgery vulnerability on the Siemens SIMATIC S7-1200. This vulnerability was reported by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced a firmware update to mitigate the vulnerability. There is no indication that the researchers have been afforded the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to perform actions at the level of the victim user.

Siemens reports that there are different firmware updates for Standard CPUs and Fail-safe CPUs.

Moxa Softcms Advisory

This advisory describes two different types of buffer overflow vulnerabilities in the Moxa Softcms software package. The vulnerabilities were reported by Carsten Eiram of Risk Based Security and Fritz Sands. The HP Zero Day Initiative coordinated the disclosures on these vulnerabilities. Moxa has released a new version of the software to mitigate these 9 separate vulnerabilities. There is no indication that the researchers have been given the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a moderately skilled attacker could remotely exploit these vulnerabilities to allow remote code execution.

BTW – ICS-CERT has included a formal note on their landing page that they have updated their PGP public key and they have corrected the bad link that I identified in my blog post Tuesday.