ICS-CERT Updates Rockwell Advisory and Publishes 3 New Advisories

Today the DHS ICS-CERT updated an earlier control system advisory for a series of Rockwell controllers. It also published new control system advisories from Pacom, LOYTEC, and XZEARES.

ICS-CERT announced earlier today on TWITTER that the ICSJWG 2016 Spring Meeting will occur May 3-5, 2016, in Scottsdale, AZ. More information will become available on the Industrial Control Systems Joint Working Group (ICSJWG) web site as the meeting date gets closer.

Rockwell Update

This update provides additional information on an advisory published this October. Rockwell is reporting that the previously uncorrected vulnerability in the MicroLogic 1400 controller has been corrected in a new firmware version.

NOTE: This update is not listed on the ICS-CERT landing page. To learn of these updates in near real-time you need to follow ICS-CERT on Twitter (@ICSCERT).

Pacom Advisory

This advisory describes an inadequate cryptography vulnerability in the Pacom GMS system. The vulnerability was originally reported by the Swedish companies XPD and Assured. Pacom has not updated the GMS, but ICS-CERT reports that they have “fixed the new EMCS system”. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit this vulnerability to take control over the communication between the controller and base station.

This advisory was originally released to the US-CERT Secure Portal on November 3^rd, 2015. Instructions for critical infrastructure owners and security researchers to gain access to that Secure Portal can be found at the bottom of the ICS-CERT landing page.

LOYTEC Advisory

This advisory describes a password file vulnerability in the LOYTEC LIP-3ECTB routers. The vulnerability was originally reported by Maxim Rupp. LOYTEC has produced a firmware update to mitigate this vulnerability but there is no indication that Maxim Rupp was provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit this vulnerability to gain access to the network.

XZERES Advisory

This advisory describes a cross-site scripting vulnerability in the XZERES 442SR wind turbine generator operating system (OS). The vulnerability was reported by Karn Ganeshen. XZERES had produced a patch to mitigate the vulnerability, but there is no indication that Ganeshen has been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could adapt code available on-line to remotely exploit this vulnerability to gain admin rights to the system.