Saturday, March 31, 2018

Public ICS Disclosures – Week of 03-24-18

This week we have one vendor notification from Siemens and two exploits for previously disclosed vulnerabilities in products from Hikvision and Advantech.

Siemens Advisory

This advisory describes 8 vulnerabilities in Siemens Building Technologies Products. The vulnerabilities were reported by Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab. The newest version of the license management systems for the affected products mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

These reported vulnerabilities are the Gemalto Sentinel LDK RTE vulnerabilities that have been previously reported by Siemens in other products.

Hikvision Exploit

This exploit provides proof-of-concept code for an attack on IP cameras from Hikvision. The backdoor vulnerability was previously disclosed on May 4th, 2017. The exploit was published by Matamorphosis on

Advantech Exploit

This exploit provides proof-of-concept code for an attack on the WebAccess products from Advantech. The stack-based buffer overflow vulnerability was previously disclosed on January 14th, 2016. The exploit was published by Chris Lyne on


I noted in an earlier post that this set of Gemalto vulnerabilities probably affects a wide range of ICS products (including products from at least three other major ICS vendors) and suggested that ICS-CERT should have done an alert on these vulnerabilities. It is not too late to do so.

While both of the exploited vulnerabilities described above were previously reported by ICS-CERT as not having publicly available exploits, ICS-CERT does not make a practice of removing that language from their advisories when exploits do become publicly available. It would probably be valuable to the ICS security community if that practice were changed.
