Friday, August 11, 2017

ICS-CERT Publishes 5 Advisories

Yesterday the DHS ICS-CERT published five control system security advisories for products from ABB, Fuji Electric, Solar Controls (2), and SIMPlight.

ABB Advisory


This advisory describes a relative path traversal vulnerability in the ABB SREA-01 and SREA-50 remote monitoring tools. The vulnerability was reported by Bertin Jose and Fernandez Ezequiel. HMS Industrial Networks Ab provided a patch to correct the issue, but ABB has only tested it on the SREA-01. These are unsupported legacy products. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could use publicly available exploits to remotely exploit the vulnerability to access files on the affected products’ file systems, view data, change configuration, retrieve password hash codes, and potentially insert and send commands to connected devices without authorization.

NOTE: ABB reports that exploit code was published on GitHub by the researchers.

Fuji Advisory


This advisory describes multiple vulnerabilities in the Fuji Monitouch V-SFT screen configuration software. The vulnerabilities were reported by Fritz Sands and kimiya via the Zero Day Initiative. Fuji has released a new version to mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The three reported vulnerabilities are:

• Stack-based buffer overflow - CVE-2017-9659;
• Heap-based buffer overflow - CVE-2017-9660; and
• Improper privilege management - CVE-2017-9662

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerabilities to allow remote code execution or cause the software that the attacker is accessing to crash. The improper privilege management vulnerability could allow an attacker with local access to escalate privileges.

WATTConfig Advisory


This advisory describes an uncontrolled search path element vulnerability in the Solar Controls WATTConfig M Software. The vulnerability was reported by Karn Ganeshen. ICS-CERT reports that Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.

ICS-CERT reports that a relatively low skilled attacker with uncharacterized access could exploit the vulnerability to allow arbitrary code execution.

HCDownloader Advisory


This advisory describes an uncontrolled search path element vulnerability in the Solar Controls Heating Control Downloader (HCDownloader). The vulnerability was reported by Karn Ganeshen. ICS-CERT reports that Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.

ICS-CERT reports that a relatively low skilled attacker with uncharacterized access could exploit the vulnerability to allow arbitrary code execution.

SIMPlight Advisory


This advisory describes an uncontrolled search path element vulnerability in the SIMPlight SCADA Software. The vulnerability was reported by Karn Ganeshen. ICS-CERT reports that Solar Controls has not responded to requests to coordinate with NCCIC/ICS-CERT.


ICS-CERT reports that a relatively low skilled attacker with uncharacterized access could exploit the vulnerability to allow arbitrary code execution.
