Earlier this week the DHS ICS-CERT published four advisories
for industrial control system vulnerabilities in products from Rockwell and
Siemens.
Rockwell Advisory
This advisory
describes two authentication vulnerabilities in the Rockwell Automation FactoryTalk
EnergyMetrix application. These vulnerabilities were self-reported. This
advisory was originally released on the US CERT Secure Portal on June 21, 2016.
The two vulnerabilities are:
• Insufficient session expiration - CVE-2016-4531; and
• SQL injection - CVE-2016-4522
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to gain unauthenticated access to the
affected system.
Siemens SINEMA Advisory
This advisory
describes a cross-site scripting vulnerability in the Siemens SINEMA Remote
Connect Server (VPN) application. The vulnerability was reported by Antonio
Morales Maldonado of INNOTEC SYSTEM, and Alexander Van Maele and Tijl Deneut of
Howest. Siemens has produced an update to mitigate the vulnerability but there
is no indication that any of the researchers have been provided an opportunity
to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to gain ongoing access to these devices,
but a social engineering attack would be required.
Siemens SIMATIC Net PC Advisory
This advisory
describes a denial-of-service vulnerability in the Siemens SIMATIC NET
PC-Software. The vulnerability was reported by Vladimir Dashchenko and Sergey
Temnikov from Kaspersky Lab. Siemens has produced a new version to mitigate
the vulnerability but there is no indication that the researchers have been
provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to cause a denial of service in the
OPC Unified Architecture (UA) service. Siemens reports
that the attacker would require network access to exploit this vulnerability.
Siemens SIMATIC WinCC Advisory
This advisory
describes two separate input validation vulnerabilities in the Siemens SIMATIC
WinCC, PCS 7, and WinCC Runtime Professional applications. The vulnerabilities
were reported by Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab.
Siemens has produced updates to mitigate these vulnerabilities, but there is no
indication that the researchers have been provided an opportunity to verify the
efficacy of the fixes.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit these vulnerabilities to extract arbitrary files or remotely
execute arbitrary code. Siemens reports
that the attacker would require network access to exploit this vulnerability.