Tuesday, August 23, 2016

ICS-CERT Publishes Advisory Update and New Advisory

Today the DHS ICS-CERT updated an advisory previously published for a control system vulnerability in the Westermo industrial switch and published a new advisory for Moxa’s OnCell products. The Westermo advisory was originally published in January, 2016.

Moxa Advisory

This advisory describes two vulnerabilities in the Moxa OnCell product. The vulnerabilities were reported by Maxim Rupp. Moxa has produced new firmware to mitigate these vulnerabilities, but there is no indication that Rupp was provided an opportunity to verify the efficacy of the fix.

The reported vulnerabilities are:

• Improper restriction of excess authentication attempts - CVE-2016-5799; and
• Plain-text storage of passwords - CVE-2016-5812

ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to bypass authentication to log in as a valid user.

Rhetorical Question: Has Maxim Rupp selected Moxa to be his personal research project?

NOTE: According to a TWEET from Maxim Rupp the advisory does not list all of the affected devices. Sounds like a case where the vendor does not acknowledge all of the affected devices. ICS-CERT certainly does not test them. Added 08-24-16 0630 EDT.

Westermo Update

This update explains that Westermo has now produced a patch that that allows changing default certificates to custom certificates instead of requiring the certificates to be changed manually.

NOTE: ICS-CERT announced this update on TWITTER® today. Without that notification it would be very difficult to know that the advisory had been updated.

No comments:

/* Use this with templates/template-twocol.html */