Today the DHS ICS-CERT published two industrial control
system advisories for products from Rockwell and Moxa. They also published a
medical control system advisory for products from B Braun Medical. The Rockwell
advisory was previously published on the NCCIC Portal on April 25th,
2017. The Braun Medical advisory was previously published on the NCCIC Portal
on March 23rd, 2017l
B Braun Medical Advisory
This
advisory
describes an open redirect vulnerability on the B Braun Medical SpaceCom
module. The vulnerability was reported by Marc Ruef and Rocco Gagliardi of scip
AG. Braun has produced a software update that mitigates the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerability to allow URL redirection to untrusted web sites.
Rockwell Advisory
This
advisory
describes multiple vulnerabilities in the Allen-Bradley MicroLogix 1100 and
1400 PLCs. The three of the vulnerabilities were reported by David Formby and
Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc with the last one being
reported by Ilya Karpov of Positive Technologies. Rockwell has provided a
firmware update for one of the affected products and recommends disabling the
web server as an alternative and/or additional mitigation measure. There is no
indication that the researchers have been provide an opportunity to verify the
efficacy of the fix.
The reported vulnerabilities are:
• Predictable value range from
previous values - CVE-2017-7901;
• Reusing a nonce, key pair in
encryption - CVE-2017-7902;
• Information exposure - CVE-2017-7899;
• Improper restriction of excessive
authentication attempts- CVE-2017-7898; and
• Weak password requirements - CVE-2017-7903
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerabilities to
gain unauthorized access to the affected programmable logic controllers and to
spoof or disrupt TCP connections.
Moxa Advisory
This
advisory
describes three vulnerabilities in the Moxa OnCell IP gateways. The
vulnerabilities were reported by Maxim Rupp. Moxa reports that the latest
version of two of the products mitigate the vulnerabilities and provides a work
around for the remainder. There is no indication that Rupp was provided an
opportunity to verify the efficacy of the fix.
The reported vulnerabilities are:
• Improper restriction of excessive
authentication attempts - CVE-2017-7915;
• Plain text storage of a password
- CVE-2017-7913; and
• Cross-site request forgery - CVE-2017-7917
ICS-CERT reports that a relatively low skilled attacker
could remotely exploit these vulnerabilities to allow an attacker to use brute
force to determine parameters needed to access the application. An attacker may
also obtain credentials by obtaining files that store passwords in clear text.