Today the DHS ICS-CERT published a fifth update to a Siemens
advisory originally
published in April and most recently updated
earlier in September. New advisories were also published for control system
products from Baxter, Mitsubishi and Honeywell.
Siemens Update
This update
reports that Siemens has produced a new version of SIMATIC S7 V8.0 SP2 that
mitigates the vulnerability. The updated
Siemens security advisory explains that users will actually be using the
update for SIMATIC WinCC V7.2 Upd11 to update the SIMATIC S7 V8.0 SP2.
Note: There is a minor typo on the ICS-CERT updated
advisory. Before the red marked update there is an ‘extra’ listing for SIMATIC
S7 V8.0 SP2 with an incorrect link.
Baxter Advisory
This advisory
describes four vulnerabilities in the Baxter SIGMA Spectrum Infusion System.
The vulnerabilities were reported by Jared Bird with Allina IS Security. Baxter
has produced new hardware and software versions that remove three of the
four vulnerabilities. There is no indication that Bird has been provided the
opportunity to verify the efficacy of the fix. This advisory was originally
released to the US-CERT Secure Portal on June 30th, 2015.
The four identified vulnerabilities are:
• Use of hardcoded password, CVE-2014-5431 and CVE-2014-5434;
• Authentication bypass issues, CVE-2014-5432; and
• Cleartext storage of sensitive information, CVE-2014-543;
The uncorrected vulnerability is the hardcoded password that
can only be accessed manually. The three other vulnerabilities are remotely
exploitable by a relatively unskilled attacker.
There is no indication in this advisory that the FDA has
been contacted or, if it has been contacted, that it has issued an advisory on
this device.
Mitsubishi Advisory
This advisory
describes a denial-of-service vulnerability in the Mitsubishi MELSEC FX-series
PLCs. The vulnerability was reported by Ralf Spenneberg of OpenSource Security.
A new version of the PLCs has been developed that does not have this vulnerability.
There is no indication that Spenneberg has been provided an opportunity to
verify the efficacy of the fix. This vulnerability was released on the US-CERT
Secure Portal on May 26th, 2015.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability to execute a DoS attack that would require
rebooting of the PLC to recover.
ICS-CERT reports that older versions of the PLC (produced
before April 2015) have not been fixed because Mitsubishi “cannot guarantee the
quality of new firmware in old hardware”.
Honeywell Advisory
This advisory
describes a directory traversal vulnerability in the Honeywell Experion PKS
application. The vulnerability was reported by Joel Langill. Honeywell has
patches for newer versions of Experion PKS that apparently (poor wording in the
advisory) mitigate the vulnerability. There is no indication that Joel has been
provided the opportunity to verify the efficacy of the patches.
ICS-CERT reports that a relatively low-skilled attacker could use
publicly available exploits to remotely exploit this vulnerability to gain
access to the host’s root directory.
ICS-CERT has assigned a 2007 CVE # to this vulnerability (CVE-2007-6483)
that links to a similar directory traversal vulnerability in the Sentinel
Protection Server. The BUGTRAQ
report on that earlier vulnerability may be the source of the ‘publicly
available exploit’.
NOTE: There is a typo in the Vulnerability Details portion
of the advisory. Under ‘Existence of Exploit’ it lists: “An attacker with a low
skill would be able to exploit this vulnerability.” The availability of a
public exploit was reported earlier in the advisory.