Today the DHS ICS-CERT published three control system
security advisories for products from Phoenix Contact, Rockwell and Xiongmai
Technology. They also published a control system security alert for a WAGO programmable
logic controller (PLC).
Phoenix Contact Advisory
This advisory
describes a cross-site scripting vulnerability in the Phoenix Contact FL
COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment.
The vulnerability was reported by Maxim Rupp. Phoenix Contact has released new firmware
versions to mitigate the vulnerability. There is no indication that Rupp was
provided an opportunity to verify the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to change configuration variables on
the device. The VDE-CERT advisory notes
that network access is required to exploit the vulnerability.
Rockwell Advisory
This advisory
describes an improper input validation vulnerability in the Rockwell FactoryTalk
Alarms and Events component of the FactoryTalk Services Platform. The vulnerability
was reported by an unnamed major oil and gas company. ICS-CERT reports that
newer versions or existing patches mitigate the vulnerability.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause a denial of service condition
in the history archiver service running on FactoryTalk Alarms and
Events.
QUESTIONS: Does it seem odd to anyone else that a ‘major oil
and gas company’ would be using an out-of-date version of this product? Or is
this a problem that is endemic to the ICS user community? Did Rockwell notify
their customers (or even just their major customers) when they discovered and
fixed this vulnerability? (It does not sound like it.)
Xiongmai Technology Advisory
This advisory
describes a stack-based buffer overflow vulnerability in Xiongmai IP
cameras and DVRs. The vulnerability was reported by Clinton Mielke. ICS-CERT reports
that Xiongmai has not responded to requests to coordinate with NCCIC/ICS-CERT.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to cause the device to reboot and
return to a more vulnerable state in which Telnet is accessible.
WAGO Alert
This alert
describes an unconfirmed improper authentication vulnerability in the WAGO PFC200
PLC. This is the vulnerability that I
discussed almost a week ago. SEC Consult reported that they had coordinated
with CODESYS and that the vendor was planning on issuing a patch next month.
I am not sure why ICS-CERT issued an alert for the WAGO
vulnerability and an advisory for the Xiongmai vulnerability. It would seem to
me that those reporting formats probably should have been reversed.
NOTE: There is still no word on the Hikvision vulnerability
that I reported in the same blog post as this WAGO vulnerability.