This week we have two vendor disclosures (ABB), two exploits
published for previously disclosed vulnerabilities (Rockwell and Schneider) and
two reports of vulnerabilities in a third-party service (Calamp) used by
various automotive automation systems. There is also a third vendor disclosure
(Philips) that will probably be reported by ICS-CERT next week that I am just
mentioning in passing.
ABB Disclosures
ABB reports
three vulnerabilities in the Welcome IP-Gateway product. The vulnerabilities
were reported by Florian Grunow of ERNW GmbH. ABB has a new version that mitigates
the vulnerabilities. There is no indication that Grunow has been provided an
opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Remote code injections – no CVE reported; and
• Missing session management (2) – CVE-2017-7931 and CVE-2017-7906
ABB reports
an exploitable RSS function in their Elipse Application. This vulnerability is
self-reported. ABB has new versions that mitigate the vulnerability by removing
the RSS service.
Rockwell Exploit
t4rkd3vilz published an exploit on ExploitDB.com
for the Rockwell CompactLogix SCADA system. The vulnerability that this exploit
uses was
reported by ICS-CERT in March of 2016.
Schneider Exploit
t4rkd3vilz published an exploit on ExploitDB.com
for the Schneider Electric IONXXXX Series Power Meter. The vulnerability that
this exploit uses was
reported by ICS-CERT in November of 2016.
Calamp Vulnerabilities
Vangelis Stykas has two posts (here and here) and a blog
post on two vulnerabilities in backend services provided by Calamp that are
used by automotive vendors such as Viper SmartStart and Directed SmartStart. These
were coordinated disclosures; patches have been made to the system, and Stykas
has verified the efficacy of the fix.