This afternoon the DHS ICS-CERT published three advisories
for control system vulnerabilities. The advisories affected products from eWON,
Motorola, and Schneider.
eWON Advisory
This advisory
describes multiple vulnerabilities in the eWON sa industrial router. The
vulnerabilities were reported by Karn Ganeshen. eWON has developed a firmware
update to mitigate the vulnerabilities, but there is no indication that
Ganeshen has been provided the opportunity to verify the efficacy of the fix.
The vulnerabilities include:
• Weak session management - CVE-2015-7924;
• Cross-site request forgery - CVE-2015-7925;
• Weak RBAC controls - CVE-2015-7926;
• Stored cross-site scripting - CVE-2015-7927;
• Passwords not secured - CVE-2015-7928; and
• Post/get issues - CVE-2015-7929
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities.
A more detailed explanation of the individual
vulnerabilities can be found on the eWON
Security Enhancements page.
NOTE: This advisory has a much more detailed ‘Impact’
description than you find on most ICS-CERT advisories. Since these explanations
would usually be the same for a given vulnerability across most platforms,
they could be canned and served up with the appropriate
vulnerability.
Motorola Advisory
This advisory
describes twin vulnerabilities in the Motorola MOSCAD IP Gateway. The
vulnerabilities were reported by Aditya K. Sood. Since support for this product
was discontinued in 2012 there will be no patches or updates for this product.
The vulnerabilities are:
• Remote file inclusion - CVE-2015-7935; and
• Cross-site request forgery - CVE-2015-7936
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to perform actions with the permissions
of a valid user.
Schneider Advisory
This advisory
describes a buffer overflow vulnerability in the Schneider Modicon M340 PLC.
The vulnerability was discovered by Nir Giller. Schneider has produced a
firmware patch to mitigate the vulnerability, but there is no report that Giller
has been provided the opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to crash the device and perhaps run
arbitrary code.
The Schneider Security Notification provides a very detailed
explanation of how this vulnerability works.