Yesterday the DHS ICS-CERT published five control system
security advisories for products from ABB, Fuji Electric, Solar Controls (2),
and SIMPlight.
ABB Advisory
This advisory
describes a relative path traversal vulnerability in the ABB SREA-01 and
SREA-50 remote monitoring tools. The vulnerability was reported by Bertin Jose
and Fernandez Ezequiel. HMS Industrial Networks Ab provided a patch to correct
the issue, but ABB has only tested it on the SREA-01. These are unsupported
legacy products. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could use publicly available exploits to remotely exploit the vulnerability to access
files on the affected products’ file systems, view data, change configuration,
retrieve password hash codes, and potentially insert and send commands to
connected devices without authorization.
NOTE: ABB reports
that exploit code was published on GitHub by the researchers.
Fuji Advisory
This advisory
describes multiple vulnerabilities in the Fuji Monitouch V-SFT screen
configuration software. The vulnerabilities were reported by Fritz Sands and
kimiya via the Zero Day Initiative. Fuji has released a new version to mitigate
the vulnerabilities. There is no indication that the researchers have been
provided an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Stack-based buffer overflow - CVE-2017-9659;
• Heap-based buffer overflow - CVE-2017-9660; and
• Improper privilege management - CVE-2017-9662
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerabilities to allow remote code execution or
cause the software that the attacker is accessing to crash. The improper
privilege management vulnerability could allow an attacker with local access to
escalate privileges.
WATTConfig Advisory
This advisory
describes an uncontrolled search path element vulnerability in the Solar
Controls WATTConfig M Software. The vulnerability was reported by Karn
Ganeshen. ICS-CERT reports that Solar Controls has not responded to requests to
coordinate with NCCIC/ICS-CERT.
ICS-CERT reports that a relatively low-skilled attacker with
uncharacterized access could exploit the vulnerability to allow arbitrary code
execution.
HCDownloader Advisory
This advisory
describes an uncontrolled search path element vulnerability in the Solar
Controls Heating Control Downloader (HCDownloader). The vulnerability was
reported by Karn Ganeshen. ICS-CERT reports that Solar Controls has not
responded to requests to coordinate with NCCIC/ICS-CERT.
ICS-CERT reports that a relatively low-skilled attacker with
uncharacterized access could exploit the vulnerability to allow arbitrary code
execution.
SIMPlight Advisory
This advisory
describes an uncontrolled search path element vulnerability in the
SIMPlight SCADA Software. The vulnerability was reported by Karn Ganeshen.
ICS-CERT reports that Solar Controls has not responded to requests to
coordinate with NCCIC/ICS-CERT.
ICS-CERT reports that a relatively low-skilled attacker with
uncharacterized access could exploit the vulnerability to allow arbitrary code
execution.