Saturday, March 24, 2018

Public ICS Disclosure – Week of 3-17-18


This week we have seven vendor disclosures for products from Schneider (5) and ABB (2). We also have an exploit announcement for a previously disclosed vulnerability in a product from Hikvision.

MiCOM Px4x Advisory #1


This advisory describes a denial of service vulnerability in the Schneider MiCOM Px4x rejuvenated product. The vulnerability is self-reported. Schneider has provided firmware updates and described work arounds to mitigate the vulnerability.

MiCOM Px4x Advisory #2


This advisory describes a denial of service vulnerability in the Schneider MiCOM Px4x with legacy Ethernet board product. The vulnerability is self-reported. Schneider has described generic work arounds to mitigate the vulnerability.

MiCOM P540D Advisory


This advisory describes a denial of service vulnerability in the Schneider MiCOM P540D with legacy Ethernet board product. The vulnerability is self-reported. Schneider has provided firmware updates and described generic work arounds to mitigate the vulnerability.

MGE Advisory


This advisory describes four vulnerabilities in the Schneider MGE SNMP/Web Card 66074. The vulnerabilities were reported by Ilya Karpov and Evgeny Druzhinin of Positive Technologies. Schneider has replacement NMC kits available for some of the affected products and they describe generic workarounds.

The four reported vulnerabilities are:

• Authorization bypass - CVE-2018-7243;
• Information exposure - CVE-2018-7244;
• Improper authorization - CVE-2018-7245; and
• Clear-text transmission of sensitive information - CVE-2018-7246

Modicon Web Servers Advisory


This advisory describes four vulnerabilities in the Schneider Modicon PLC embedded web server. The vulnerabilities were reported by Positive Technologies. Schneider has described generic workarounds to mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The four reported vulnerabilities are:

• Denial of Service - CVE-2018-7759;
• Authorization bypass - CVE-2018-7760;
• Arbitrary code execution - CVE-2018-7761; and
• Buffer overflow - CVE-2018-7762

Modicon FTP Advisory


This advisory describes three vulnerabilities in the Schnedier Modicaon PLC FTP servers. The vulnerability is self-reported. Schneider describes generic workarounds to mitigate the vulnerability.

The three reported vulnerabilities are:

• Arbitrary code execution - CVE-2018-7240;
• Hardcoded accounts - CVE-2018-7241; and
• Vulnerable hash algorithms - CVE-2018-7242

ADMS netCADOPS Advisory


This advisory describes a bounds checking vulnerability. The vulnerability was reported by Ismail Erkek – Barikat. ABB has described generic workarounds to mitigate the vulnerability. There is no indication that the researcher has been provided an opportunity to verify the efficacy of the fix.

CCLAS Advisory


This advisory describes three vulnerabilities in the ABB CCLAS laboratory information management system. The vulnerabilities are self-reported. ABB has a new version that mitigates the vulnerabilities.

The three reported vulnerabilities are:

• Path traversal (2); and
• Cross-site scripting

Hikvision Exploit


This announcement describes an exploit for the password in configuration file vulnerability reported last year in a number of Hikvision IP cameras. Hikvision previously reported that the “configuration file is encrypted and is therefore not readable, and protects users’ credentials”, but promised to upgrade the protections in future firmware updates. Neither ICS-CERT nor Hikvision have reported that promised firmware update.

No comments:

 
/* Use this with templates/template-twocol.html */