Yesterday the DHS ICS-CERT published 3 control system
security advisories for products from PDQ Manufacturing, Mirion Technologies
and Continental AG. They also updated two previously issued advisories for
products from Schneider Electric and Siemens.
PDQ Advisory
This advisory
describes two vulnerabilities for the PDQ LaserWash, Laser Jet and ProTouch
carwash control systems. The vulnerabilities were reported by Billy Rios and
Jonathan Butts of WhiteScope and independent security researcher Terry McCorkle.
PDQ is developing mitigation measures and has provided interim mitigating
controls. This was publicly disclosed at Black Hat.
The two reported vulnerabilities are:
• Improper authentication - CVE-2017-9630; and
• Missing encryption of sensitive data - CVE-2017-9632
ICS-CERT reports that a relatively low-skilled attacker
could use publicly available exploits to remotely exploit the vulnerabilities to
gain unauthorized access to the affected system and to issue unexpected
commands to impact the intended operation of the system.
Mirion Advisory
This advisory
describes two vulnerabilities in Mirion Telemetry Enabled Devices (radiation
sensors). These vulnerabilities were reported by Ruben Santamarta of IOActive
and were reported
at Black Hat. ICS-CERT reports that: “Mirion Technologies is continuing their
investigation of this matter and expects to provide users with additional news
and solutions in the next three months.” Interim mitigation measures are
described.
The two vulnerabilities are:
• Use of a hard-coded cryptographic key - CVE-2017-9649; and
• Inadequate encryption strength - CVE-2017-9645
ICS-CERT reports that an uncharacterized attacker with
uncharacterized access could use a publicly available exploit to transmit
fraudulent data or perform a denial of service.
NOTE: The Santamarta paper also reports vulnerabilities in
radiation detection products from Ludlum.
Continental Advisory
This advisory
describes two vulnerabilities in the Continental Infineon S-Gold 2 (PMB 8876)
chipset used in a variety of automotive telematics devices. The vulnerabilities
were reported by Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk of the
Advanced Threat Research Team at McAfee. ICS-CERT reports that: “Continental
has validated the reported vulnerabilities but has not yet identified a
mitigation plan.”
The reported vulnerabilities are:
• Stack-based buffer overflow - CVE-2017-9647; and
• Improper restriction of operations within the bounds of a memory buffer - CVE-2017-9633
ICS-CERT reports that a relatively low-skilled attacker
using publicly available exploits could remotely exploit these vulnerabilities to
disable the infotainment system of the vehicle and affect functional features
of the vehicle. According to affected auto manufacturers, these vulnerabilities
do not directly affect the critical safety features of the vehicle.
Schneider Update
This update
provides new information on an advisory originally
published on November 3rd, 2016 and updated
on November 29th. The update provides information about the new
version that does not include the web server feature.
Siemens Update
This update
provides new information on an advisory that was originally
published on July 6th, 2017, and updated
on July 18th. This update provides updated affected version information and
mitigation measures for Firmware variant IEC 104: All versions prior to V1.21.
Missed Siemens Advisory
Early last week Siemens reported
two vulnerabilities in some of their XP® based Healthineers products. Siemens
reports that they are working on updates for the affected products and provide
workarounds that can be used until the updates become available. ICS-CERT has
not reported on these vulnerabilities.