Saturday, May 26, 2018

Public ICS Disclosure – Week of 5-19-18


This week we have one vendor disclosure from Philips, six exploits for previously disclosed vulnerabilities and two exploits for previously undisclosed vulnerabilities.

Philips Disclosure


The Philips security web page mentions vulnerabilities in its EncoreAnywhere hosted web application. No real details are available beyond the explanation that a successful exploit could result in “unencrypted communication and improper disclosure of sensitive data”. The page does note that ICS-CERT has been notified, so we may see an advisory from ICS-CERT next week.

t4rkd3vilz Exploits

Researcher t4rkd3vilz has published six new exploits on ExploitDB.com for previously disclosed vulnerabilities. As usual, these are mentioned here because ICS-CERT does not update their advisories to reflect new publicly available exploits.


New Exploits


Researcher t4rkd3vilz published an additional exploit on ExploitDB.com that appears to be for a previously undisclosed information disclosure vulnerability in the Honeywell Scada System (sic). He (she? not making assumptions here) usually includes CVE numbers in his description for previously disclosed vulnerabilities, and there is none here.

Emre ÖVÜNÇ published an exploit on ExploitDB.com for a hardcoded username and password in the mySCADA myPRO 7.
