Yesterday the DHS ICS-CERT updated two control system security notices: one an alert covering BrickerBot, the other an advisory affecting products from Belden Hirschmann.
BrickerBot Update
This update provides new information on the alert that was originally published on April 12th, 2017. The update explicitly acknowledges Radware's contribution to the current state of knowledge about BrickerBot. It also provides:
• A slightly more detailed and updated description of the operation of both BrickerBot.1 and BrickerBot.2; and
• A new mitigation measure: updating Ubiquiti device firmware.
Belden Hirschmann Update
This update provides new information on the advisory that was originally published on January 26th, 2017. The update expands the scope of the advisory, adding three new vulnerabilities that were apparently fixed by the new software version reported in the original advisory. The newly reported vulnerabilities are:
• Server-side request forgery - CVE-2017-6036;
• Cross-site request forgery - CVE-2017-6038; and
• Information exposure - CVE-2017-6040.
Belden did not change their original Security Bulletin. Instead, they issued an additional Security Bulletin to describe the ‘new’ request forgery vulnerabilities. Belden actually describes the cross-site request forgery as a subset of the server-side request forgery, rather than listing it as a separate vulnerability. That framing is worth a second look: the two are distinct classes (cross-site request forgery abuses an administrator's already-authenticated browser session to submit requests to the device, while server-side request forgery induces the device itself to issue requests), and they call for different mitigations. Belden never specifically acknowledges the ‘information exposure’ vulnerability reported by ICS-CERT.
Interestingly, the only change that ICS-CERT makes to its ‘impact’ statement to reflect the additional vulnerabilities is to change the words ‘of this vulnerability’ to ‘of these vulnerabilities’. It does not acknowledge Belden's report that the ‘new’ vulnerabilities may allow an attacker to “trick administrators into changing the configuration of the device”.