ICS-CERT Publishes 3 Advisories

Today the DHS ICS-CERT published two industrial control system advisories for products from Rockwell and Moxa. They also published a medical control system advisory for products from B Braun Medical. The Rockwell advisory was previously published on the NCCIC Portal on April 25^th, 2017. The Braun Medical advisory was previously published on the NCCIC Portal on March 23^rd, 2017l

B Braun Medical Advisory

This advisory describes an open redirect vulnerability on the B Braun Medical SpaceCom module. The vulnerability was reported by Marc Ruef and Rocco Gagliardi of scip AG. Braun has produced a software update that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerability to  allow URL redirection to untrusted web sites.

Rockwell Advisory

This advisory describes multiple vulnerabilities in the Allen-Bradley MicroLogix 1100 and 1400 PLCs. The three of the vulnerabilities were reported by David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc with the last one being reported by Ilya Karpov of Positive Technologies. Rockwell has provided a firmware update for one of the affected products and recommends disabling the web server as an alternative and/or additional mitigation measure. There is no indication that the researchers have been provide an opportunity to verify the efficacy of the fix.

The reported vulnerabilities are:

• Predictable value range from previous values - CVE-2017-7901;

• Reusing a nonce, key pair in encryption - CVE-2017-7902;

• Information exposure - CVE-2017-7899;

• Improper restriction of excessive authentication attempts- CVE-2017-7898; and

• Weak password requirements - CVE-2017-7903

ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerabilities  to gain unauthorized access to the affected programmable logic controllers and to spoof or disrupt TCP connections.

Moxa Advisory

This advisory describes three vulnerabilities in the Moxa OnCell IP gateways. The vulnerabilities were reported by Maxim Rupp. Moxa reports that the latest version of two of the products mitigate the vulnerabilities and provides a work around for the remainder. There is no indication that Rupp was provided an opportunity to verify the efficacy of the fix.

The reported vulnerabilities are:

• Improper restriction of excessive authentication attempts - CVE-2017-7915;

• Plain text storage of a password - CVE-2017-7913; and

• Cross-site request forgery - CVE-2017-7917

ICS-CERT reports that a relatively low skilled attacker could remotely exploit these vulnerabilities to allow an attacker to use brute force to determine parameters needed to access the application. An attacker may also obtain credentials by obtaining files that store passwords in clear text.