Today the DHS ICS-CERT published five control system
security advisories: two for products from Schneider Electric and three for
products from Siemens. It also published updates for two previously published
advisories for products from Siemens.
Ampla Advisory
This advisory
describes two vulnerabilities in the Schneider Ampla MES products. The
vulnerabilities were reported by Ilya Karpov of Positive Technologies.
Schneider reports that the current version of the products mitigates the vulnerabilities.
There is no indication that Karpov has been provided an opportunity to verify
the efficacy of the fix.
The reported vulnerabilities are:
• Clear text transmission of
sensitive information - CVE-2017-9637; and
• Inadequate encryption strength - CVE-2017-9635
ICS-CERT reports that a relatively unskilled attacker (with
uncharacterized access) could exploit the vulnerabilities to connect to third-party
databases or to compromise the credentials of Ampla users configured with Simple
Security. The Schneider security
bulletin notes that configuring the products to use Windows
Integrated Security avoids these vulnerabilities.
Comment: I always wonder,
when a current version of a product mitigates a previously unreported
vulnerability in earlier versions, whether the problem was corrected by ‘accident’ or
whether the vendor had discovered the vulnerability and fixed it without
specifically identifying the vulnerability to its customers. If it is the
latter, they are doing their customers a disservice by not identifying the
vulnerability so that owners can make an appropriate, risk-based decision to
upgrade or not.
Wonderware Advisory
This advisory
describes three vulnerabilities in the Schneider Wonderware ArchestrA Logger.
The vulnerabilities were reported by Andrey Zhukov of USSC. Schneider has
developed a security patch to mitigate the vulnerabilities. The ICS-CERT advisory
gives no indication that Zhukov was provided an opportunity to verify the efficacy of
the fix; the Schneider security
bulletin, however, indicates that Zhukov has verified the efficacy of the
fix.
The reported vulnerabilities are:
• Stack-based buffer overflow - CVE-2017-9629;
• Uncontrolled resource consumption
- CVE-2017-9627; and
• Null pointer dereference - CVE-2017-9631
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to execute code or cause a denial of
service.
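The three bug classes in the Wonderware advisory are the classic failures of a message parser on an ingestion path. The C below is an added illustration, not Schneider's ArchestrA Logger code and not derived from the advisory: a toy length-prefixed log record parser, written first in a form that carries a stack-based buffer overflow, an uncontrolled allocation and a null pointer dereference, and then in a hardened form that checks the declared length against the bytes actually received, caps payload size before any copy or allocation, and checks the separator search before using its result. The record layout, the MAX_PAYLOAD cap and the sample records are assumptions made for the example.

```c
/* Added example, not ArchestrA Logger code. Record layout (an assumption
 * for this example):
 *   byte 0      severity
 *   bytes 1..2  payload length, big-endian
 *   bytes 3..   payload of the form "source:message"
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 256   /* cap chosen for the example */

struct log_record {
    uint8_t severity;
    char source[32];
    char message[MAX_PAYLOAD];
};

enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TOO_LONG = -2,
       PARSE_LEN_MISMATCH = -3, PARSE_NO_SEPARATOR = -4,
       PARSE_FIELD_TOO_LONG = -5 };

/* Vulnerable form, kept for contrast and never called below. It trusts the
 * on-wire length field when copying into a fixed stack buffer (stack-based
 * buffer overflow), sizes an allocation from that same peer-controlled field
 * (uncontrolled resource consumption), and uses the result of strchr()
 * without a NULL check (null pointer dereference). */
int parse_record_vulnerable(const uint8_t *msg, size_t msglen, struct log_record *out)
{
    char stack_buf[64];
    size_t len = ((size_t)msg[1] << 8) | msg[2];
    (void)msglen;                          /* bytes actually received are ignored */
    memcpy(stack_buf, msg + 3, len);       /* overflows the stack when len > 63 */
    stack_buf[len] = '\0';
    char *scratch = malloc(len * 1024u);   /* peer-chosen size, no cap, no NULL check */
    char *sep = strchr(stack_buf, ':');
    *sep = '\0';                           /* NULL dereference when no ':' is present */
    out->severity = msg[0];
    strcpy(out->source, stack_buf);
    strcpy(out->message, sep + 1);
    free(scratch);
    return PARSE_OK;
}

/* Hardened form: lengths are checked against what was received and against
 * fixed caps before any copy or allocation; the separator lookup is bounded
 * and checked before use. */
int parse_record_hardened(const uint8_t *msg, size_t msglen, struct log_record *out)
{
    if (msg == NULL || out == NULL || msglen < 3)
        return PARSE_SHORT;
    size_t len = ((size_t)msg[1] << 8) | msg[2];
    if (len > MAX_PAYLOAD - 1)             /* cap first: nothing copied or allocated yet */
        return PARSE_TOO_LONG;
    if (len != msglen - 3)                 /* declared length must match bytes received */
        return PARSE_LEN_MISMATCH;
    const uint8_t *payload = msg + 3;
    const uint8_t *sep = memchr(payload, ':', len);   /* bounded search, no NUL needed */
    if (sep == NULL)
        return PARSE_NO_SEPARATOR;
    size_t srclen = (size_t)(sep - payload);
    size_t bodylen = len - srclen - 1;
    if (srclen >= sizeof out->source)      /* leave room for the terminator */
        return PARSE_FIELD_TOO_LONG;
    memset(out, 0, sizeof *out);           /* fields come out NUL-terminated */
    out->severity = msg[0];
    memcpy(out->source, payload, srclen);
    memcpy(out->message, sep + 1, bodylen); /* bodylen <= MAX_PAYLOAD - 2 */
    return PARSE_OK;
}

/* Test helper: build a record whose length field is declared_len, which
 * need not match the real payload size, so mismatches can be constructed.
 * Returns the record size, or 0 if it does not fit in buf. */
size_t build_record(uint8_t *buf, size_t cap, uint8_t severity,
                    uint16_t declared_len, const char *payload)
{
    size_t plen = strlen(payload);
    if (cap < 3 + plen) return 0;
    buf[0] = severity;
    buf[1] = (uint8_t)(declared_len >> 8);
    buf[2] = (uint8_t)(declared_len & 0xffu);
    memcpy(buf + 3, payload, plen);
    return 3 + plen;
}

int main(void)
{
    uint8_t wire[512];
    struct log_record rec;
    /* Constructed records: one well-formed, one claiming 4000 bytes with 19
     * present, one with no separator (the vulnerable form would crash). */
    size_t n = build_record(wire, sizeof wire, 4, 19, "PumpCtrl:valve open");
    int rc = parse_record_hardened(wire, n, &rec);
    printf("well-formed: rc=%d source=%s message=%s\n", rc, rec.source, rec.message);
    n = build_record(wire, sizeof wire, 4, 4000, "PumpCtrl:valve open");
    printf("oversized length field: rc=%d\n", parse_record_hardened(wire, n, &rec));
    n = build_record(wire, sizeof wire, 4, 12, "no separator");
    printf("missing separator: rc=%d\n", parse_record_hardened(wire, n, &rec));
    return 0;
}
```

The order of the checks in the hardened parser matters: the cap is applied to the declared length before it is compared with the received size, so a single oversized length field can neither drive a copy nor size an allocation, and the bounded `memchr` replaces `strchr`, which would have required a NUL terminator the wire format never guarantees.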
SIPROTEC Advisory
This advisory
describes six vulnerabilities in the Siemens SIPROTEC 4 and SIPROTEC Compact
devices. Siemens self-reported the vulnerabilities and has developed
firmware updates to mitigate them.
The reported vulnerabilities are:
• Improper input validation - CVE-2015-5374
and CVE-2016-7113;
• Missing authorization - CVE-2016-4784,
CVE-2016-4785, and CVE-2016-7112; and
• Improper authentication - CVE-2016-7114
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit the vulnerabilities to gain access to sensitive
information or to perform administrative functions. The
Siemens security advisory reports that two of the vulnerabilities could allow
the attacker to conduct a denial-of-service attack.
Reyrolle Advisory
This advisory
describes five vulnerabilities in the Siemens Reyrolle products. Siemens
self-reported the vulnerabilities and has developed a new firmware version
to mitigate them.
The reported vulnerabilities are:
• Missing authorization - CVE-2016-4784,
CVE-2016-4785 and CVE-2016-7112;
• Improper input validation - CVE-2016-7113;
and
• Improper authentication - CVE-2016-7114
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to access sensitive device
information, circumvent authentication, and perform administrative actions. The
Siemens security
bulletin notes that an attacker needs network access to the device.
OZW672 and OZW772 Advisory
This advisory
describes two vulnerabilities in the Siemens OZW672 and OZW772 devices. The
vulnerabilities were reported by Stefan Viehböck of SEC Consult. Siemens has
provided workarounds to mitigate the vulnerabilities, but there is no
indication that a more permanent fix is in the offing.
The two reported vulnerabilities are of the same type:
• Missing authentication for
critical function - CVE-2017-6872 and CVE-2017-6873
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to read and write historical
measurement data under certain conditions, or to read and modify data in TLS
sessions.
PROFINET Update
This update
provides new information on an advisory that was originally published on May 9th,
2017, updated
on June 15th, 2017, and updated again on June
20th, 2017. The update provides new affected version information
and mitigation measures for SIMATIC PCS 7: all versions prior to V9.0.
SIMATIC Update
This update
provides new information on an advisory that was originally
published on February 14th, 2017 and updated
on June 15th, 2017. The update provides new affected version
information for:
• SIMATIC PCS 7: All versions prior
to V9.0, and
• SIMATIC PDM: All versions prior
to V9.1