Today the DHS ICS-CERT published two control system security
advisories for products from 3S – Smart Software Solutions and Siemens.
3S Advisory
This advisory
describes two vulnerabilities in the 3S CODESYS Web Server, which is used by an
undisclosed variety of equipment manufacturers. The vulnerability was reported
by David Atch of CyberX. 3S has provided a patch that mitigates the
vulnerability. ICS-CERT reports that Atch has tested the patch and apparently
verifies the efficacy of the fix.
The two vulnerabilities are:
• Unrestricted upload of file with dangerous type - CVE-2017-6027; and
• Stack-based buffer overflow - CVE-2017-6025
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow arbitrary files to be
uploaded to the CODESYS Web Server without authorization. Additionally, an
attacker may be able to crash the application or execute arbitrary code.
Siemens Advisory
This advisory
describes multiple vulnerabilities in the Siemens RUGGEDCOM VPN endpoints and
firewall devices. Maxim Rupp reported four of the five vulnerabilities. Siemens
has developed a mitigation
tool [.PDF download] for these vulnerabilities. There is no indication that
Rupp was provided an opportunity to verify the efficacy of the fix.
The vulnerabilities are:
• Improper authorization - CVE-2017-2686 and CVE-2017-2689;
• Cross-site request forgery - CVE-2017-2688; and
• Cross-site scripting - CVE-2017-2687 and CVE-2017-6864
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to perform actions with
administrative privileges. The Siemens
Security Advisory notes that network access is required to exploit three of
the vulnerabilities while the other two require a social engineering attack.