Tuesday, June 21, 2016

ICS-CERT Publishes Two Advisories

This afternoon the DHS ICS-CERT published two control system advisories for products from Schneider and Advantech.

Schneider Advisory

This advisory describes a cross-site scripting vulnerability in the Schneider Electric PowerLogic PM8ECC communications add-on module for the Series 800 PowerMeter. The vulnerability is apparently self-reported. Schneider has produced a firmware update for the module.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability by injecting arbitrary JavaScript into a specially crafted URL request; the response containing the user data is returned to the web browser without being made safe to display.

Schneider published their Security Notice on this vulnerability on May 11th, 2016.

Advantech Advisory

This advisory describes multiple vulnerabilities in the Advantech WebAccess product. The vulnerabilities were reported by Zhou Yu of Acorn Network Security. Advantech has produced a new version that mitigates the vulnerabilities. ICS-CERT reports that Zhou has had a chance to verify the efficacy of the fix.

The vulnerabilities include:

• Unsafe ActiveX controls marked as safe for scripting - CVE-2016-4525; and
• Classic buffer overflow - CVE-2016-4528.

ICS-CERT reports that a social engineering attack is required to exploit these vulnerabilities, but a successful exploit could allow an attacker to insert and run arbitrary code on an affected system.

The Advantech version notes for the new version (8.1_20160519) produced to correct these vulnerabilities mention ‘buffer-overrun’ vulnerabilities in BwAspObj.dll and cellvision.ocx, but they do not mention any ActiveX vulnerabilities. They do, however, mention a vulnerability that reveals a password in the Project User web page, which was not mentioned in the ICS-CERT advisory.

Another Schneider Product Vulnerability

When looking for the Schneider Security Note mentioned above, I also found another Schneider product vulnerability reported on the Schneider web site. This Security Note was for an elevation of privilege vulnerability in the Pelco Digital Sentry Video Management System.
