Saturday, April 14, 2018

ICS Public Disclosure – Week of 04-07-18

This week we have one new vendor report from Rockwell and two updates from Siemens.

Rockwell Advisory

Rockwell reports (registration required) two vulnerabilities in the FactoryTalk Activation Manager. Both are 3rd party vendor problems. Rockwell has a new version that mitigates the vulnerabilities. The two reported vulnerabilities are:

• CodeMeter Cross-Site Scripting; and
FlexNet Publisher Remote Code Execution

Rockwell has thoughtfully provided links to more information on each of these vulnerabilities (CodeMeter and FlexNet). Proof of concept exploits are available for each vulnerability.

If you click thru the FlexNet stuff you can get to an interesting blog post about this software license manager vulnerability. It appears that this is the same vulnerability that was reported earlier this year in products from Schneider. That blog post notes that FlexNet counts Siemens as a customer. We have, of course, seen Siemens reporting vulnerabilities in their license manager from Gemalto, so I do not know how current that FlexNet data is.

Industrial Products KRACK Update

Siemens published an update to their KRACK advisory for their Industrial Products. ICS-CERT has published previous updates on these vulnerabilities so it is surprising that there has been no update that was published over a week ago. The update provides revised version information and a mitigation link for SCALANCE W1750D.


Siemens published an update on the DNSMasq vulnerabilities in their SCALANCE products. ICS-CERT did issue an advisory on these vulnerabilities, so again, I have no idea why they have not published an update. The update provides essentially the same new information for the SCALANCE W1750D product.

No comments:

/* Use this with templates/template-twocol.html */